From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 22 Jul 2014 00:56:29 +0000 (-0400)
Subject: update-done: set proper selinux context for .updated
X-Git-Tag: v216~462
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=7dbb1d08f66cd44b1296be3ee8e3629b989e19a8

update-done: set proper selinux context for .updated

https://bugzilla.redhat.com/show_bug.cgi?id=1121806
---

diff --git a/Makefile.am b/Makefile.am
index 1e4cfb31f..1cb771238 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1771,6 +1771,7 @@ systemd_update_done_SOURCES = \
 
 systemd_update_done_LDADD = \
 	libsystemd-internal.la \
+	libsystemd-label.la \
 	libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 10ba85ca9..b199a6897 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -20,6 +20,7 @@
 ***/
 
 #include "util.h"
+#include "label.h"
 
 static int apply_timestamp(const char *path, struct timespec *ts) {
         struct timespec twice[2];
@@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
         } else if (errno == ENOENT) {
                 _cleanup_close_ int fd = -1;
+                int r;
 
                 /* The timestamp file doesn't exist yet? Then let's create it. */
 
+                r = label_context_set(path, S_IFREG);
+                if (r < 0) {
+                        log_error("Failed to set SELinux context for %s: %s",
+                                  path, strerror(-r));
+                        return r;
+                }
+
                 fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+                label_context_clear();
+
                 if (fd < 0) {
 
                         if (errno == EROFS) {
@@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
 int main(int argc, char *argv[]) {
         struct stat st;
-        int r, q;
+        int r, q = 0;
 
         log_set_target(LOG_TARGET_AUTO);
         log_parse_environment();
@@ -94,11 +105,15 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        r = apply_timestamp("/etc/.updated", &st.st_mtim);
+        r = label_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }
 
+        r = apply_timestamp("/etc/.updated", &st.st_mtim);
         q = apply_timestamp("/var/.updated", &st.st_mtim);
-        if (q < 0 && r == 0)
-                r = q;
 
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+finish:
+        return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }