sysusers: preserve label of /etc/{passwd, group}

These files are specially labeled on SELinux systems, and we need to
preserve that label.

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 68c552d24ad2cc811bbe3fc7709a2b83445ed4ec..e086c72682c39a847363fe41e185ed6753f95e83 100644 (file)
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -312,7 +312,11 @@ static int write_files(void) {
                 _cleanup_fclose_ FILE *original = NULL;
 
                 group_path = fix_root("/etc/group");
+                r = label_context_set("/etc/group", S_IFREG);
+                if (r < 0)
+                        goto finish;
                 r = fopen_temporary(group_path, &group, &group_tmp);
+                label_context_clear();
                 if (r < 0)
                         goto finish;
 
@@ -388,9 +392,14 @@ static int write_files(void) {
                 _cleanup_fclose_ FILE *original = NULL;
 
                 passwd_path = fix_root("/etc/passwd");
-                r = fopen_temporary(passwd_path, &passwd, &passwd_tmp);
+                r = label_context_set("/etc/passwd", S_IFREG);
                 if (r < 0)
                         goto finish;
+                r = fopen_temporary(passwd_path, &passwd, &passwd_tmp);
+                label_context_clear();
+                if (r < 0) {
+                        goto finish;
+                }
 
                 if (fchmod(fileno(passwd), 0644) < 0) {
                         r = -errno;
@@ -1491,6 +1500,8 @@ int main(int argc, char *argv[]) {
 
         umask(0022);
 
+        label_init(NULL);
+
         r = 0;
 
         if (optind < argc) {