author | Christian Göttsche <cgzones@googlemail.com> | 2020-09-01 15:48:53 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-12-16 15:32:46 +0100 |
commit | 58a33e50c01be9b7076d96bea57fe9f70dc2f3f2 (patch) | |
tree | a5549c2be353f901547d4e9c71440f48f471a3a7 | |
parent | e39f0fa5c3da64181981ee9dc373b400e6453b19 (diff) | |
download | systemd-58a33e50c01be9b7076d96bea57fe9f70dc2f3f2.tar.gz |
selinux: create unit invocation links with default SELinux context
(cherry picked from commit a3f5fd964bc9fcac82315f8c82d4ca575afdd1b7)
-rw-r--r-- | src/basic/label.c | 22 | ||||
-rw-r--r-- | src/basic/label.h | 1 | ||||
-rw-r--r-- | src/core/unit.c | 4 |
3 files changed, 25 insertions, 2 deletions
diff --git a/src/basic/label.c b/src/basic/label.c
index 741c43c2b9..107028e068 100644
--- a/src/basic/label.c
+++ b/src/basic/label.c
@@ -5,6 +5,7 @@
 #include <unistd.h>
 #include "btrfs-util.h"
+#include "fs-util.h"
 #include "label.h"
 #include "macro.h"
 #include "selinux-util.h"
@@ -45,6 +46,27 @@ int symlink_label(const char *old_path, const char *new_path) {
 return mac_smack_fix(new_path, 0);
 }
+int symlink_atomic_label(const char *from, const char *to) {
+ int r;
+
+ assert(from);
+ assert(to);
+
+ r = mac_selinux_create_file_prepare(to, S_IFLNK);
+ if (r < 0)
+ return r;
+
+ if (symlink_atomic(from, to) < 0)
+ r = -errno;
+
+ mac_selinux_create_file_clear();
+
+ if (r < 0)
+ return r;
+
+ return mac_smack_fix(to, 0);
+}
+
 int mknod_label(const char *pathname, mode_t mode, dev_t dev) {
 int r;
diff --git a/src/basic/label.h b/src/basic/label.h
index 6dc0f710ef..d99d824b4a 100644
--- a/src/basic/label.h
+++ b/src/basic/label.h
@@ -17,6 +17,7 @@ static inline int label_fix(const char *path, LabelFixFlags flags) {
 int mkdir_label(const char *path, mode_t mode);
 int mkdirat_label(int dirfd, const char *path, mode_t mode);
 int symlink_label(const char *old_path, const char *new_path);
+int symlink_atomic_label(const char *from, const char *to);
 int mknod_label(const char *pathname, mode_t mode, dev_t dev);
 int btrfs_subvol_make_label(const char *path);
diff --git a/src/core/unit.c b/src/core/unit.c
index 0b2a207cdc..1d15e387cd 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -24,10 +24,10 @@
 #include "fileio-label.h"
 #include "fileio.h"
 #include "format-util.h"
-#include "fs-util.h"
 #include "id128-util.h"
 #include "io-util.h"
 #include "install.h"
+#include "label.h"
 #include "load-dropin.h"
 #include "load-fragment.h"
 #include "log.h"
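Review bot: In the new `symlink_atomic_label()` in src/basic/label.c, `if (symlink_atomic(from, to) < 0) r = -errno;` discards the helper's return value and reads `errno` instead. The call this commit replaces in src/core/unit.c passed that return value straight to `log_unit_debug_errno()`, which suggests `symlink_atomic()` already returns a negative errno-style code. If so, `errno` at this point may be stale or zero, and a zero would make a failed link creation look like success and fall through to `mac_smack_fix(to, 0)` on a path that was never created. Keeping the returned code avoids that while still resetting the SELinux file-creation context on every path: `r = symlink_atomic(from, to);` immediately before `mac_selinux_create_file_clear();`, with the existing `if (r < 0) return r;` left as is. A one-line comment above the prepare/clear pair, `/* the creation context must be cleared on both the success and the failure path */`, would record why the error return is deferred.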
@@ -5670,7 +5670,7 @@ static int unit_export_invocation_id(Unit *u) {
 if (r < 0)
 return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
- r = symlink_atomic(u->invocation_id_string, p);
+ r = symlink_atomic_label(u->invocation_id_string, p);
 if (r < 0)
 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p); |