diff options
| author | Dan Walsh <dwalsh@redhat.com> | 2016-03-17 18:03:02 -0400 |
|---|---|---|
| committer | Colin Walters (automation) <walters+githubbot@verbum.org> | 2016-03-22 09:33:46 +0000 |
| commit | 506fb1b1624358d57095b20408414ccef6fbc22c (patch) | |
| tree | 60a7e6e77613e129334b80f31834dedb3fab13b5 /utils.c | |
| parent | aedbc794d5cc3f5c479c7307054a761f388d2941 (diff) | |
| download | bubblewrap-506fb1b1624358d57095b20408414ccef6fbc22c.tar.gz | |
Add SELinux Support
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Pull request: #25
Approved by: alexlarsson
Diffstat (limited to 'utils.c')
| -rw-r--r-- | utils.c | 50 |
1 files changed, 50 insertions, 0 deletions
@@ -19,6 +19,9 @@ #include "utils.h" #include <sys/syscall.h> +#ifdef HAVE_SELINUX +#include <selinux/selinux.h> +#endif void die_with_error (const char *format, ...) @@ -617,3 +620,50 @@ pivot_root (const char * new_root, const char * put_old) return -1; #endif } + +int +label_support () +{ +#ifdef HAVE_SELINUX + if (is_selinux_enabled () > 0) + return -1; +#endif + return 0; +} + +char * +label_mount (const char *opt, const char *mount_label) +{ +#ifdef HAVE_SELINUX + if (mount_label) + { + if (opt) + return strdup_printf ("%s,context=\"%s\"", opt, mount_label); + else + return strdup_printf ("context=\"%s\"", mount_label); + } +#endif + if (opt) + return xstrdup (opt); + return NULL; +} + +int +label_create_file (const char *file_label) +{ +#ifdef HAVE_SELINUX + if (is_selinux_enabled () > 0 && file_label) + return setfscreatecon (file_label); +#endif + return 0; +} + +int +label_exec (const char *exec_label) +{ +#ifdef HAVE_SELINUX + if (is_selinux_enabled () > 0 && exec_label) + return setexeccon (exec_label); +#endif + return 0; +} |