From d1ce2089b4b2fb1f1d8faba9a0aa6d9f8fbb0638 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Oct 2014 18:32:22 +0200
Subject: [PATCH] smack: never follow symlinks when relabelling

previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
---
 src/shared/smack-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 4a94922a4..c345488d2 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -50,7 +50,7 @@ int mac_smack_apply(const char *path, const char *label) {
                 return 0;
 
         if (label)
-                r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
+                r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
         else
                 r = lremovexattr(path, "security.SMACK64");
         if (r < 0)
-- 
2.30.2