introduce and use setfscreatecon_or_die
(patch by Yuichi Nakamura <ynakam@hitachisoft.jp>) runcon: *yet another* fix for vda's brainfart :(
parent
b3f09f4a50
commit
39c651e909
@ -110,9 +110,7 @@ int install_main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
if (flags & OPT_SET_SECURITY_CONTEXT) {
|
if (flags & OPT_SET_SECURITY_CONTEXT) {
|
||||||
selinux_or_die();
|
selinux_or_die();
|
||||||
if (setfscreatecon(scontext) < 0) {
|
setfscreatecon_or_die(scontext);
|
||||||
bb_error_msg_and_die("setfscreatecon(%s)", scontext); // perror?
|
|
||||||
}
|
|
||||||
use_default_selinux_context = 0;
|
use_default_selinux_context = 0;
|
||||||
copy_flags |= FILEUTILS_SET_SECURITY_CONTEXT;
|
copy_flags |= FILEUTILS_SET_SECURITY_CONTEXT;
|
||||||
}
|
}
|
||||||
|
@ -43,10 +43,7 @@ mode_t getopt_mk_fifo_nod(int argc, char **argv)
|
|||||||
#if ENABLE_SELINUX
|
#if ENABLE_SELINUX
|
||||||
if (opt & 2) {
|
if (opt & 2) {
|
||||||
selinux_or_die();
|
selinux_or_die();
|
||||||
if (setfscreatecon(scontext)) {
|
setfscreatecon_or_die(scontext);
|
||||||
bb_error_msg_and_die("cannot set default file creation context "
|
|
||||||
"to %s", scontext);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -62,10 +62,7 @@ int mkdir_main(int argc, char **argv)
|
|||||||
#if ENABLE_SELINUX
|
#if ENABLE_SELINUX
|
||||||
if (opt & 4) {
|
if (opt & 4) {
|
||||||
selinux_or_die();
|
selinux_or_die();
|
||||||
if (setfscreatecon(scontext)) {
|
setfscreatecon_or_die(scontext);
|
||||||
bb_error_msg_and_die("cannot set default file creation context "
|
|
||||||
"to %s", scontext);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -601,6 +601,7 @@ extern void renew_current_security_context(void);
|
|||||||
extern void set_current_security_context(security_context_t sid);
|
extern void set_current_security_context(security_context_t sid);
|
||||||
extern context_t set_security_context_component(security_context_t cur_context,
|
extern context_t set_security_context_component(security_context_t cur_context,
|
||||||
char *user, char *role, char *type, char *range);
|
char *user, char *role, char *type, char *range);
|
||||||
|
extern void setfscreatecon_or_die(security_context_t scontext);
|
||||||
#endif
|
#endif
|
||||||
extern void selinux_or_die(void);
|
extern void selinux_or_die(void);
|
||||||
extern int restricted_shell(const char *shell);
|
extern int restricted_shell(const char *shell);
|
||||||
|
@ -74,7 +74,7 @@ int copy_file(const char *source, const char *dest, int flags)
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (errno == ENOTSUP || errno == ENODATA) {
|
if (errno == ENOTSUP || errno == ENODATA) {
|
||||||
setfscreatecon(NULL);
|
setfscreatecon_or_die(NULL);
|
||||||
} else {
|
} else {
|
||||||
bb_perror_msg("cannot lgetfilecon %s", source);
|
bb_perror_msg("cannot lgetfilecon %s", source);
|
||||||
return -1;
|
return -1;
|
||||||
|
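Review bot: In `copy_file`, the `ENOTSUP`/`ENODATA` branch now terminates the whole process if resetting the file creation context fails, while the `else` branch directly below it reports with `bb_perror_msg` and returns -1, so a caller copying a tree gets no chance to clean up or continue. Stopping is a defensible fail-closed choice, since carrying on would presumably create the destination under whatever context was set earlier, but the reason should be stated in a comment such as `/* source has no label: clear fscreatecon so dest is not created with a stale context; failure is fatal */`. If the function's return-code convention is preferred instead, `if (setfscreatecon(NULL) < 0) { bb_perror_msg("cannot reset file creation context"); return -1; }` keeps it. The enclosing function starts and ends outside the hunk.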
@ -28,3 +28,13 @@ error:
|
|||||||
context_free(con);
|
context_free(con);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void setfscreatecon_or_die(security_context_t scontext)
|
||||||
|
{
|
||||||
|
if (setfscreatecon(scontext) < 0) {
|
||||||
|
/* Can be NULL. All known printf implementations
|
||||||
|
* display "(null)", "<null>" etc */
|
||||||
|
bb_perror_msg_and_die("cannot set default "
|
||||||
|
"file creation context to %s", scontext);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
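Review bot: `setfscreatecon_or_die` passes `scontext` to `%s` even when it is NULL, which is undefined behaviour in C; the comment relies on printf implementations being lenient, and the `copy_file` change in this same commit does call the helper with NULL. Substituting a literal keeps the error path well-defined and makes the message clearer: `"file creation context to %s", scontext ? scontext : "(default)");`. A short header comment saying that the function returns only on success, and that a NULL argument resets the context to the policy default, would also help callers.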
@ -132,6 +132,6 @@ int runcon_main(int argc, char *argv[])
|
|||||||
|
|
||||||
execvp(argv[0], argv);
|
execvp(argv[0], argv);
|
||||||
|
|
||||||
bb_perror_msg_and_die("cannot execute '%s'", command);
|
bb_perror_msg_and_die("cannot execute '%s'", argv[0]);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|