From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Oct 2014 16:32:22 +0000 (+0200)
Subject: smack: never follow symlinks when relabelling
X-Git-Tag: v217~104
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=d1ce2089b4b2fb1f1d8faba9a0aa6d9f8fbb0638

smack: never follow symlinks when relabelling

previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
---

diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 4a94922a4..c345488d2 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -50,7 +50,7 @@ int mac_smack_apply(const char *path, const char *label) {
                 return 0;
 
         if (label)
-                r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
+                r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
         else
                 r = lremovexattr(path, "security.SMACK64");
         if (r < 0)