chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pager: support SYSTEMD_LESS environment variable
[elogind.git] / src / core / execute.c
diff --git a/src/core/execute.c b/src/core/execute.c
index c02c768c68e40c70c02a62839acb8aaf0881c539..b941a024defe378c5766f379ae37909ebf50b0b0 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -72,6 +72,7 @@
 #include "fileio.h"
 #include "unit.h"
 #include "async.h"
+#include "selinux-util.h"
 
 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
@@ -1569,14 +1570,19 @@ int exec_spawn(ExecCommand *command,
                                 }
                         }
 #ifdef HAVE_SELINUX
-                        if (context->selinux_context) {
-                                err = security_check_context(context->selinux_context);
-                                if (err < 0) {
-                                        r = EXIT_SELINUX_CONTEXT;
-                                        goto fail_child;
-                                }
-                                err = setexeccon(context->selinux_context);
-                                if (err < 0) {
+                        if (context->selinux_context && use_selinux()) {
+                                bool ignore;
+                                char* c;
+
+                                c = context->selinux_context;
+                                if (c[0] == '-') {
+                                        c++;
+                                        ignore = true;
+                                } else
+                                        ignore = false;
+
+                                err = setexeccon(c);
+                                if (err < 0 && !ignore) {
                                         r = EXIT_SELINUX_CONTEXT;
                                         goto fail_child;
                                 }
@@ -2117,7 +2123,6 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
                 fprintf(f,
                         "%sSELinuxContext: %s\n",
                         prefix, c->selinux_context);
-
 }
 
 void exec_status_start(ExecStatus *s, pid_t pid) {
Unnamed repository; edit this file 'description' to name the repository.