update-done: set proper selinux context for .updated

https://bugzilla.redhat.com/show_bug.cgi?id=1121806

diff --git a/Makefile.am b/Makefile.am
index 1e4cfb31f1b03302137f7373b8477e6f03870cb7..1cb771238692b272f787451d24bb017a38c506c9 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -1771,6 +1771,7 @@ systemd_update_done_SOURCES = \
 
 systemd_update_done_LDADD = \
        libsystemd-internal.la \
 
 systemd_update_done_LDADD = \
        libsystemd-internal.la \

+       libsystemd-label.la \

        libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
        libsystemd-shared.la
 
 # ------------------------------------------------------------------------------

diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 10ba85ca924ca97ec3673dc84332ee87ddaaa07b..b199a68972f89e72f5f76834a0b8f0def52e538d 100644 (file)
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -20,6 +20,7 @@
 ***/
 
 #include "util.h"
 ***/
 
 #include "util.h"

+#include "label.h"

 
 static int apply_timestamp(const char *path, struct timespec *ts) {
         struct timespec twice[2];
 
 static int apply_timestamp(const char *path, struct timespec *ts) {
         struct timespec twice[2];


@@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
         } else if (errno == ENOENT) {
                 _cleanup_close_ int fd = -1;
 
         } else if (errno == ENOENT) {
                 _cleanup_close_ int fd = -1;

+                int r;

 
                 /* The timestamp file doesn't exist yet? Then let's create it. */
 
 
                 /* The timestamp file doesn't exist yet? Then let's create it. */
 

+                r = label_context_set(path, S_IFREG);
+                if (r < 0) {
+                        log_error("Failed to set SELinux context for %s: %s",
+                                  path, strerror(-r));
+                        return r;
+                }
+

                 fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
                 fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);

+                label_context_clear();
+

                 if (fd < 0) {
 
                         if (errno == EROFS) {
                 if (fd < 0) {
 
                         if (errno == EROFS) {


@@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
 int main(int argc, char *argv[]) {
         struct stat st;
 
 int main(int argc, char *argv[]) {
         struct stat st;

-        int r, q;
+        int r, q = 0;

 
         log_set_target(LOG_TARGET_AUTO);
         log_parse_environment();
 
         log_set_target(LOG_TARGET_AUTO);
         log_parse_environment();


@@ -94,11 +105,15 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
                 return EXIT_FAILURE;
         }
 

-        r = apply_timestamp("/etc/.updated", &st.st_mtim);
+        r = label_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }

 
 

+        r = apply_timestamp("/etc/.updated", &st.st_mtim);

         q = apply_timestamp("/var/.updated", &st.st_mtim);
         q = apply_timestamp("/var/.updated", &st.st_mtim);

-        if (q < 0 && r == 0)
-                r = q;

 
 

-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+finish:
+        return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;

 }
 }