author | Colin Walters <walters@verbum.org> | 2021-09-30 13:26:00 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-30 13:26:00 -0400 |
commit | 4b61768e3dc7d2f4453fb44f1f640ccb092b59d1 (patch) | |
tree | 353424b101c8649336336f8bb48565e16fcf0b0c | |
parent | e8394c755bbbfaf9071baad2c55b3d76a82555ea (diff) | |
parent | ab12e380fc51487672d07ddf47295ee182e62d36 (diff) | |
download | ostree-4b61768e3dc7d2f4453fb44f1f640ccb092b59d1.tar.gz |
Merge pull request #2448 from cgwalters/fix-selinux-policy
bin/commit: Fix --tree=tar with --selinux-policy
-rw-r--r-- | src/ostree/ot-builtin-commit.c | 19 | ||||
-rwxr-xr-x | tests/kolainst/destructive/itest-label-selinux.sh | 13 |
2 files changed, 25 insertions, 7 deletions
diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c index 370e085c..b993678e 100644 --- a/src/ostree/ot-builtin-commit.c +++ b/src/ostree/ot-builtin-commit.c @@ -602,6 +602,17 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio filter_data.skip_list = skip_list; modifier = ostree_repo_commit_modifier_new (flags, commit_filter, &filter_data, NULL); + + if (opt_selinux_policy) + { + glnx_autofd int rootfs_dfd = -1; + if (!glnx_opendirat (AT_FDCWD, opt_selinux_policy, TRUE, &rootfs_dfd, error)) + goto out; + policy = ostree_sepolicy_new_at (rootfs_dfd, cancellable, error); + if (!policy) + goto out; + ostree_repo_commit_modifier_set_sepolicy (modifier, policy); + } } if (opt_editor) @@ -691,14 +702,8 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio { if (first && opt_selinux_policy_from_base) { - opt_selinux_policy = g_strdup (tree); - opt_selinux_policy_from_base = FALSE; - } - if (first && opt_selinux_policy) - { - g_assert (modifier); glnx_autofd int rootfs_dfd = -1; - if (!glnx_opendirat (AT_FDCWD, opt_selinux_policy, TRUE, &rootfs_dfd, error)) + if (!glnx_opendirat (AT_FDCWD, tree, TRUE, &rootfs_dfd, error)) goto out; policy = ostree_sepolicy_new_at (rootfs_dfd, cancellable, error); if (!policy) diff --git a/tests/kolainst/destructive/itest-label-selinux.sh b/tests/kolainst/destructive/itest-label-selinux.sh index d7337124..97b5cc54 100755 --- a/tests/kolainst/destructive/itest-label-selinux.sh +++ b/tests/kolainst/destructive/itest-label-selinux.sh 
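Review bot: The block added after `ostree_repo_commit_modifier_new (...)` carries no comment saying why the policy is loaded at this point, and it apparently repeats the open-directory / `ostree_sepolicy_new_at` sequence that the `--selinux-policy-from-base` branch keeps in the second hunk of this file. A comment such as `/* Load --selinux-policy up front so labels apply to every --tree source (e.g. tar), not only a directory tree */` would record the reason; judging by the commit title and the new test, skipping the policy produced unlabelled content rather than an error. The two call sites differ only in the path they open, so a small static helper taking that path would keep them from drifting apart. The enclosing `if` that creates `modifier` begins outside the hunk, so whether its condition covers `opt_selinux_policy` cannot be checked from here.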
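Review bot: Dropping `g_assert (modifier);` in the hunk at -691 leaves the `--selinux-policy-from-base` branch without a check that `modifier` was created, although the policy loaded here is presumably still attached to it just past the end of the hunk. `modifier` is only assigned inside the conditional block that closes in the first hunk, and that condition is not visible, so keeping `g_assert (modifier);` as the first statement of this branch would preserve the invariant the old code documented. Separately, `policy` is now assigned in two places; no exclusivity check between `--selinux-policy` and `--selinux-policy-from-base` is visible in these hunks, so it is worth confirming that the combination is rejected earlier and the first policy is not silently replaced. The branch and its enclosing loop both start and end outside the hunk.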
@@ -104,3 +104,16 @@ assert_file_has_content newls.txt ':lib_t:'
 ostree ls -X newbase /usr/etc/some.conf > newls.txt
 assert_file_has_content newls.txt ':etc_t:'
 echo "ok commit --selinux-policy-from-base"
+
+rm rootfs -rf
+mkdir rootfs
+mkdir -p rootfs/usr/{bin,lib,etc}
+echo 'somebinary' > rootfs/usr/bin/somebinary
+ls -Z rootfs/usr/bin/somebinary > lsz.txt
+assert_not_file_has_content lsz.txt ':bin_t:'
+rm -f lsz.txt
+tar -C rootfs -cf rootfs.tar .
+ostree commit -b newbase --selinux-policy / --tree=tar=rootfs.tar
+ostree ls -X newbase /usr/bin/somebinary > newls.txt
+assert_file_has_content newls.txt ':bin_t:'
+echo "ok commit --selinux-policy with --tree=tar" |
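Review bot: The new case creates `rootfs/usr/lib` and `rootfs/usr/etc` but asserts a label only for `/usr/bin/somebinary`, so labelling of tar input is verified for a single path. The `--selinux-policy-from-base` case just above also checks `:lib_t:` and `:etc_t:`; mirroring one of them here, for example `echo 'someconf' > rootfs/usr/etc/some.conf` before the `tar` call and `ostree ls -X newbase /usr/etc/some.conf > newls.txt` followed by `assert_file_has_content newls.txt ':etc_t:'`, would cover `/usr/etc` labelling on tar input as well. `rootfs.tar` is also left behind after the case, unlike `lsz.txt`, which is removed.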