X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fexecute.c;h=b941a024defe378c5766f379ae37909ebf50b0b0;hb=82adf6af7c72b852449346835f33184a841b4796;hp=474a4af895e61b912bc58a7d0d52f7dd3bc800c2;hpb=5c56a259e07661a66e806cc2fbc71de96a75f78e;p=elogind.git diff --git a/src/core/execute.c b/src/core/execute.c index 474a4af89..b941a024d 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -72,6 +72,7 @@ #include "fileio.h" #include "unit.h" #include "async.h" +#include "selinux-util.h" #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC) #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC) @@ -1570,13 +1571,18 @@ int exec_spawn(ExecCommand *command, } #ifdef HAVE_SELINUX if (context->selinux_context && use_selinux()) { - err = security_check_context(context->selinux_context); - if (err < 0) { - r = EXIT_SELINUX_CONTEXT; - goto fail_child; - } - err = setexeccon(context->selinux_context); - if (err < 0) { + bool ignore; + char* c; + + c = context->selinux_context; + if (c[0] == '-') { + c++; + ignore = true; + } else + ignore = false; + + err = setexeccon(c); + if (err < 0 && !ignore) { r = EXIT_SELINUX_CONTEXT; goto fail_child; } @@ -2117,7 +2123,6 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { fprintf(f, "%sSELinuxContext: %s\n", prefix, c->selinux_context); - } void exec_status_start(ExecStatus *s, pid_t pid) {