#include "path-util.h"
#ifdef HAVE_SELINUX
+#include "selinux-util.h"
#include <selinux/selinux.h>
#include <selinux/label.h>
static struct selabel_handle *label_hnd = NULL;
-static int use_selinux_cached = -1;
-
-static inline bool use_selinux(void) {
-
- if (use_selinux_cached < 0)
- use_selinux_cached = is_selinux_enabled() > 0;
-
- return use_selinux_cached;
-}
-
-void label_retest_selinux(void) {
- use_selinux_cached = -1;
-}
-
#endif
-int label_init(const char *prefixes[]) {
+int label_init(const char *prefix) {
int r = 0;
#ifdef HAVE_SELINUX
before_mallinfo = mallinfo();
before_timestamp = now(CLOCK_MONOTONIC);
- if (prefixes) {
+ if (prefix) {
struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .values = prefixes },
+ { .type = SELABEL_OPT_SUBSET, .value = prefix },
};
label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
return r;
}
-int label_fix(const char *path, bool ignore_enoent) {
+int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
int r = 0;
#ifdef HAVE_SELINUX
if (ignore_enoent && errno == ENOENT)
return 0;
+ if (ignore_erofs && errno == EROFS)
+ return 0;
+
log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
"Unable to fix label of %s: %m", path);
r = security_getenforce() == 1 ? -errno : 0;
return 0;
r = selabel_lookup_raw(label_hnd, &filecon, path, mode);
- if (r < 0)
+ if (r < 0 && errno != ENOENT)
r = -errno;
else if (r == 0) {
r = setfscreatecon(filecon);
#endif
}
-int label_mkdir(const char *path, mode_t mode) {
+int label_mkdir(const char *path, mode_t mode, bool apply) {
/* Creates a directory and labels it according to the SELinux policy */
-
#ifdef HAVE_SELINUX
int r;
security_context_t fcon = NULL;
- if (!use_selinux() || !label_hnd)
+ if (!apply || !use_selinux() || !label_hnd)
goto skipped;
if (path_is_absolute(path))
~ianmdlvl / elogind.git / blobdiff