nspawn,man: use a common vocabulary when referring to selinux security contexts
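--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -72,6 +72,7 @@
 #include "fileio.h"
 #include "unit.h"
 #include "async.h"
+#include "selinux-util.h"
 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
@@ -1570,13 +1571,18 @@ int exec_spawn(ExecCommand *command,
 }
 #ifdef HAVE_SELINUX
 if (context->selinux_context && use_selinux()) {
- err = security_check_context(context->selinux_context);
- if (err < 0) {
- r = EXIT_SELINUX_CONTEXT;
- goto fail_child;
- }
- err = setexeccon(context->selinux_context);
- if (err < 0) {
+ bool ignore;
+ char* c;
+
+ c = context->selinux_context;
+ if (c[0] == '-') {
+ c++;
+ ignore = true;
+ } else
+ ignore = false;
+
+ err = setexeccon(c);
+ if (err < 0 && !ignore) {
 r = EXIT_SELINUX_CONTEXT;
 goto fail_child;
 }
@@ -2117,7 +2123,6 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
 fprintf(f,
 "%sSELinuxContext: %s\n",
 prefix, c->selinux_context);
-
 }
 void exec_status_start(ExecStatus *s, pid_t pid) {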
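Review bot: In the exec_spawn hunk, a context written with a leading `-` makes a failed `setexeccon(c)` pass silently, so the child goes on to exec in whatever domain it would otherwise get and nothing records that the requested label was not applied. I would keep the opt-in but log the fail-open path, e.g. `if (err < 0 && ignore) log_warning("Failed to set SELinux context %s, ignoring: %m", c);`, assuming logging is usable at this point in the child, and declare `c` as `const char *` since it only steps past the prefix. The earlier `security_check_context()` call is dropped as well; validation presumably now rests on `setexeccon()` itself, which is worth stating in a short comment above the call. exec_spawn begins and ends outside the hunk.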