vipw[selinux]: do not use deprecated typedef and skip context translation

This retrieved context is just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))

The typedef security_context_t is deprecated, see
9eb9c93275

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2021-04-09 18:20:49 +02:00
parent 6e4b2fe25d
commit c0aa8a876e

View File

@ -243,13 +243,13 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
/* if SE Linux is enabled then set the context of all new files /* if SE Linux is enabled then set the context of all new files
to be the context of the file we are editing */ to be the context of the file we are editing */
if (is_selinux_enabled () != 0) { if (is_selinux_enabled () != 0) {
security_context_t passwd_context=NULL; char *passwd_context_raw = NULL;
int ret = 0; int ret = 0;
if (getfilecon (file, &passwd_context) < 0) { if (getfilecon_raw (file, &passwd_context_raw) < 0) {
vipwexit (_("Couldn't get file context"), errno, 1); vipwexit (_("Couldn't get file context"), errno, 1);
} }
ret = setfscreatecon (passwd_context); ret = setfscreatecon_raw (passwd_context_raw);
freecon (passwd_context); freecon (passwd_context_raw);
if (0 != ret) { if (0 != ret) {
vipwexit (_("setfscreatecon () failed"), errno, 1); vipwexit (_("setfscreatecon () failed"), errno, 1);
} }
@ -401,7 +401,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
/* unset the fscreatecon */ /* unset the fscreatecon */
if (is_selinux_enabled () != 0) { if (is_selinux_enabled () != 0) {
if (setfscreatecon (NULL) != 0) { if (setfscreatecon_raw (NULL) != 0) {
vipwexit (_("setfscreatecon () failed"), errno, 1); vipwexit (_("setfscreatecon () failed"), errno, 1);
} }
} }