authorColin Walters <walters@verbum.org>2021-09-28 17:40:28 -0400
committerColin Walters <walters@verbum.org>2021-09-30 15:54:48 -0400
commit1b9e3a9375a2da70b6ee049c6ff0989c9831963b (patch)
tree5db0df88574ee42db8f58f98d905d59a4a89d6a3 /src/libostree/ostree-repo-commit.c
parent4b61768e3dc7d2f4453fb44f1f640ccb092b59d1 (diff)
downloadostree-1b9e3a9375a2da70b6ee049c6ff0989c9831963b.tar.gz
repo: Add an API to init `OstreeSePolicy` from commit directly
This is part of `OstreeCommitModifier`, but I'm not using that in some of the ostree-ext Rust code. It just makes more sense as a direct policy API, where it should have been in the first place. There's already support for setting a policy object on a commit modifier, so that's all the old API needs to do now.
Diffstat (limited to 'src/libostree/ostree-repo-commit.c')
-rw-r--r--src/libostree/ostree-repo-commit.c33
1 files changed, 2 insertions, 31 deletions
diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index 8dc2355e..c87e8de8 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -4314,7 +4314,6 @@ ostree_repo_commit_modifier_unref (OstreeRepoCommitModifier *modifier)
g_clear_pointer (&modifier->devino_cache, (GDestroyNotify)g_hash_table_unref);
g_clear_object (&modifier->sepolicy);
- (void) glnx_tmpdir_delete (&modifier->sepolicy_tmpdir, NULL, NULL);
g_free (modifier);
return;
@@ -4386,38 +4385,10 @@ ostree_repo_commit_modifier_set_sepolicy_from_commit (OstreeRepoCommitModifier
GCancellable *cancellable,
GError **error)
{
- GLNX_AUTO_PREFIX_ERROR ("setting sepolicy from commit", error);
- g_autofree char *commit = NULL;
- g_autoptr(GFile) root = NULL;
- if (!ostree_repo_read_commit (repo, rev, &root, &commit, cancellable, error))
- return FALSE;
- const char policypath[] = "usr/etc/selinux";
- g_autoptr(GFile) policyroot = g_file_get_child (root, policypath);
- if (!g_file_query_exists (policyroot, NULL))
- return TRUE; /* No policy, nothing to do */
-
- GLnxTmpDir tmpdir = {0,};
- if (!glnx_mkdtemp ("ostree-commit-sepolicy-XXXXXX", 0700, &tmpdir, error))
- return FALSE;
- if (!glnx_shutil_mkdir_p_at (tmpdir.fd, "usr/etc", 0755, cancellable, error))
- return FALSE;
-
- OstreeRepoCheckoutAtOptions coopts = {0,};
- coopts.mode = OSTREE_REPO_CHECKOUT_MODE_USER;
- coopts.subpath = glnx_strjoina ("/", policypath);
-
- if (!ostree_repo_checkout_at (repo, &coopts, tmpdir.fd, policypath, commit, cancellable, error))
- return glnx_prefix_error (error, "policy checkout");
-
- g_autoptr(OstreeSePolicy) policy = ostree_sepolicy_new_at (tmpdir.fd, cancellable, error);
+ g_autoptr(OstreeSePolicy) policy = ostree_sepolicy_new_from_commit (repo, rev, cancellable, error);
if (!policy)
- return glnx_prefix_error (error, "reading policy");
-
+ return FALSE;
ostree_repo_commit_modifier_set_sepolicy (modifier, policy);
- /* Transfer ownership */
- modifier->sepolicy_tmpdir = tmpdir;
- tmpdir.initialized = FALSE;
-
return TRUE;
}
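Review bot: The early `return TRUE; /* No policy, nothing to do */` for a commit without `usr/etc/selinux` is removed, so the result for a policy-less commit now depends entirely on `ostree_sepolicy_new_from_commit`, whose body is not visible in this hunk. If that call returns NULL for such a commit, callers that used to succeed will now get FALSE. If it instead returns a policy object for an empty tree, the modifier's sepolicy is now set where it used to be left untouched. Either outcome matters because this path decides whether committed files are SELinux-labelled, so I would state the contract at the call site, e.g. `/* No usr/etc/selinux in the commit: <documented result of ostree_sepolicy_new_from_commit>; must not turn into a new error for existing callers */`, and cover the no-policy case with a test. The function's signature begins above the hunk.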