X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fexecute.c;h=be15fb95eea99dc7870ce35a10d3789320278311;hb=5f8640fb628cb034981e02d741fd9ddf26fdf38d;hp=06ddd5c91cdb5d0d774fdf2770e2e41f77c4b035;hpb=4a3fa6ac77c5236f95963c0a0fdd541d02c6883a;p=elogind.git

diff --git a/src/core/execute.c b/src/core/execute.c
index 06ddd5c91..be15fb95e 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1572,18 +1572,8 @@ int exec_spawn(ExecCommand *command,
 
 #ifdef HAVE_SELINUX
                         if (context->selinux_context && use_selinux()) {
-                                bool ignore;
-                                char* c;
-
-                                c = context->selinux_context;
-                                if (c[0] == '-') {
-                                        c++;
-                                        ignore = true;
-                                } else
-                                        ignore = false;
-
-                                err = setexeccon(c);
-                                if (err < 0 && !ignore) {
+                                err = setexeccon(context->selinux_context);
+                                if (err < 0 && !context->selinux_context_ignore) {
                                         r = EXIT_SELINUX_CONTEXT;
                                         goto fail_child;
                                 }
@@ -2127,8 +2117,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
 
         if (c->selinux_context)
                 fprintf(f,
-                        "%sSELinuxContext: %s\n",
-                        prefix, c->selinux_context);
+                        "%sSELinuxContext: %s%s\n",
+                        prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
 
         if (c->syscall_filter) {
 #ifdef HAVE_SECCOMP