Under an SELinux system, we want the file that is created to
have a proper context, different from the default for files in /run.
This is so that the policy can give access to almost everyone to
this file.
#include "socket-util.h"
#include "af-list.h"
#include "utf8.h"
+#include "fileio-label.h"
#include "resolved-dns-domain.h"
#include "resolved-conf.h"
}
}
- r = fopen_temporary(path, &f, &temp_path);
+ r = fopen_temporary_label(path, path, &f, &temp_path);
if (r < 0)
return r;
log_parse_environment();
log_open();
- umask(0022);
-
if (argc != 1) {
log_error("This program takes no arguments.");
r = -EINVAL;
goto finish;
}
+ umask(0022);
+
+ r = label_init(NULL);
+ if (r < 0) {
+ log_error("SELinux setup failed: %s", strerror(-r));
+ goto finish;
+ }
+
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
if (r < 0) {
log_error("Cannot resolve user name %s: %s", user, strerror(-r));