Fedora: don't ship [Install] sections; these are enabled in the system configuration.
[elogind.git] / src / label.c
index fb570c54a50d5c6693e0c9e464a266136d3fb161..d037c4c93215bfe67b84439b5eb27c3100c41123 100644 (file)
@@ -51,6 +51,9 @@ int label_init(void) {
         if (!use_selinux())
                 return 0;
 
+        if (label_hnd)
+                return 0;
+
         label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
         if (!label_hnd) {
                 log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
@@ -83,6 +86,10 @@ int label_fix(const char *path) {
                 if (r == 0) {
                         r = setfilecon(path, fcon);
                         freecon(fcon);
+
+                        /* If the FS doesn't support labels, then exit without warning */
+                        if (r < 0 && errno == ENOTSUP)
+                                return 0;
                 }
         }
 
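Review bot: The `errno == ENOTSUP` test runs after `freecon(fcon)`, which releases memory, so on C libraries where free() does not preserve errno the value setfilecon() left behind may already be gone. Capture it first, e.g. `e = errno;` straight after `setfilecon(path, fcon);`, and test `r < 0 && e == ENOTSUP`. Returning 0 here also means a path on a filesystem without label support stays unlabelled with no log line, even in enforcing mode; a LOG_DEBUG message would keep that visible when auditing label coverage. label_fix starts and ends outside this hunk, so how r is handled afterwards is not visible here.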
@@ -166,6 +173,31 @@ int label_fifofile_set(const char *path) {
         return r;
 }
 
+int label_symlinkfile_set(const char *path) {
+        int r = 0;
+
+#ifdef HAVE_SELINUX
+        security_context_t filecon = NULL;
+
+        if (!use_selinux() || !label_hnd)
+                return 0;
+
+        if ((r = selabel_lookup_raw(label_hnd, &filecon, path, S_IFLNK)) == 0) {
+                if ((r = setfscreatecon(filecon)) < 0) {
+                        log_error("Failed to set SELinux file context on %s: %m", path);
+                        r = -errno;
+                }
+
+                freecon(filecon);
+        }
+
+        if (r < 0 && security_getenforce() == 0)
+                r = 0;
+#endif
+
+        return r;
+}
+
 int label_socket_set(const char *label) {
 
 #ifdef HAVE_SELINUX
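Review bot: In label_symlinkfile_set, a failing selabel_lookup_raw() leaves r at the raw -1 rather than a negative errno, so in enforcing mode the caller receives a value that reads as -EPERM and nothing is logged; converting it at once with `if (r < 0) r = -errno;` after the lookup would match the setfscreatecon() branch. In that branch `r = -errno;` runs after log_error(), which is only safe if the logging call preserves errno, so assigning r before the log line is the more robust order. The function also deserves a header comment such as `/* Sets the SELinux creation context for the next symlink at path; the caller must reset it with setfscreatecon(NULL) afterwards. */`, because the creation context stays in effect for objects created later until it is reset. The log text says "file context on %s" although what is set is the creation context, which may mislead someone reading denial logs.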