#include <malloc.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include "label.h"
+#include "strv.h"
#include "util.h"
#include "path-util.h"
#ifdef HAVE_SELINUX
+#include "selinux-util.h"
#include <selinux/selinux.h>
#include <selinux/label.h>
static struct selabel_handle *label_hnd = NULL;
-static int use_selinux_cached = -1;
-
-static inline bool use_selinux(void) {
-
- if (use_selinux_cached < 0)
- use_selinux_cached = is_selinux_enabled() > 0;
-
- return use_selinux_cached;
-}
-
-void label_retest_selinux(void) {
- use_selinux_cached = -1;
-}
-
#endif
int label_init(const char *prefix) {
l = after_mallinfo.uordblks > before_mallinfo.uordblks ? after_mallinfo.uordblks - before_mallinfo.uordblks : 0;
- log_info("Successfully loaded SELinux database in %s, size on heap is %iK.",
- format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp),
- (l+1023)/1024);
+ log_debug("Successfully loaded SELinux database in %s, size on heap is %iK.",
+ format_timespan(timespan, sizeof(timespan), after_timestamp - before_timestamp, 0),
+ (l+1023)/1024);
}
#endif
return r;
}
-int label_fix(const char *path, bool ignore_enoent) {
+int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
int r = 0;
#ifdef HAVE_SELINUX
if (ignore_enoent && errno == ENOENT)
return 0;
+ if (ignore_erofs && errno == EROFS)
+ return 0;
+
log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
"Unable to fix label of %s: %m", path);
r = security_getenforce() == 1 ? -errno : 0;
return 0;
r = selabel_lookup_raw(label_hnd, &filecon, path, mode);
- if (r < 0)
+ if (r < 0 && errno != ENOENT)
r = -errno;
else if (r == 0) {
r = setfscreatecon(filecon);
int label_mkdir(const char *path, mode_t mode) {
/* Creates a directory and labels it according to the SELinux policy */
-
#ifdef HAVE_SELINUX
int r;
security_context_t fcon = NULL;
~ianmdlvl / elogind.git / blobdiff