author | Colin Walters <walters@verbum.org> | 2021-09-29 09:03:24 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2021-09-30 11:44:27 -0400 |
commit | ab12e380fc51487672d07ddf47295ee182e62d36 (patch) | |
tree | 353424b101c8649336336f8bb48565e16fcf0b0c /src/ostree | |
parent | e8394c755bbbfaf9071baad2c55b3d76a82555ea (diff) | |
download | ostree-ab12e380fc51487672d07ddf47295ee182e62d36.tar.gz |
bin/commit: Fix --tree=tar with --selinux-policy
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that. Fix the imported
labeling with `--tree=tar`. Prep for use with containers.
We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.
It's a bit more code, but it's cleaner if we disentangle them.
Diffstat (limited to 'src/ostree')
-rw-r--r-- | src/ostree/ot-builtin-commit.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c
index 370e085c..b993678e 100644
--- a/src/ostree/ot-builtin-commit.c
+++ b/src/ostree/ot-builtin-commit.c
@@ -602,6 +602,17 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
 filter_data.skip_list = skip_list;
 modifier = ostree_repo_commit_modifier_new (flags, commit_filter, &filter_data, NULL);
+
+ if (opt_selinux_policy)
+ {
+ glnx_autofd int rootfs_dfd = -1;
+ if (!glnx_opendirat (AT_FDCWD, opt_selinux_policy, TRUE, &rootfs_dfd, error))
+ goto out;
+ policy = ostree_sepolicy_new_at (rootfs_dfd, cancellable, error);
+ if (!policy)
+ goto out;
+ ostree_repo_commit_modifier_set_sepolicy (modifier, policy);
+ }
 }
 if (opt_editor)
@@ -691,14 +702,8 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
 {
 if (first && opt_selinux_policy_from_base)
 {
- opt_selinux_policy = g_strdup (tree);
- opt_selinux_policy_from_base = FALSE;
- }
- if (first && opt_selinux_policy)
- {
- g_assert (modifier);
 glnx_autofd int rootfs_dfd = -1;
- if (!glnx_opendirat (AT_FDCWD, opt_selinux_policy, TRUE, &rootfs_dfd, error))
+ if (!glnx_opendirat (AT_FDCWD, tree, TRUE, &rootfs_dfd, error))
 goto out;
 policy = ostree_sepolicy_new_at (rootfs_dfd, cancellable, error);
 if (!policy) |
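Review bot: No regression test accompanies the new `if (opt_selinux_policy)` block in the first hunk (`@@ -602,6 +602,17 @@`): the diffstat lists only `src/ostree/ot-builtin-commit.c`, so nothing stops `--tree=tar` with `--selinux-policy` from silently losing its labels again. A test that commits a small tarball with `--selinux-policy` and checks that the committed files carry a `security.selinux` xattr would pin the behaviour. The block would also benefit from a short comment such as `/* Load the policy once, up front, so it applies to every --tree type and not only --tree=dir */`. The enclosing block's opening condition is outside the hunk, so I am assuming it is entered whenever `opt_selinux_policy` is set; if it is not, the policy would be skipped without any error.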
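Review bot: The rewritten `first && opt_selinux_policy_from_base` branch in the second hunk (`@@ -691,14 +702,8 @@`) no longer has the `g_assert (modifier);` that the old combined branch carried, yet `modifier` is only created inside the conditional block that closes in the first hunk, and that condition is not visible in this diff. If the branch still hands `policy` to the modifier after `if (!policy)` (its body continues past the end of the hunk), I would keep `g_assert (modifier);` as its first statement so that a later change to that condition fails loudly rather than passing a NULL modifier or committing unlabeled content. Separately, going by the commit message this branch is still reached only for `--tree=dir`, so `--selinux-policy-from-base` with a tar first tree appears to be ignored silently; returning an error for that combination would be safer than producing a commit without SELinux labels.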