From 930b92690761038f33b80566896d2abf5950a55e Mon Sep 17 00:00:00 2001
From: Christopher Byrne <salah.coronya@gmail.com>
Date: Dec 21 2023 07:53:58 +0000
Subject: src, build: Replace SELinux deprecated functions
matchpathcon_init and matchpathcon have been replaced with
selabel_open and selabel_lookup. security_context_t is now just char*
Fixes: https://pagure.io/oddjob/issue/10
Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
---
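diff --git a/src/oddjobd.c b/src/oddjobd.c
index b27b678..fa61f8a 100644
--- a/src/oddjobd.c
+++ b/src/oddjobd.c
@@ -1947,7 +1947,7 @@ oddjobd_exec_method(struct oddjob_dbus_context *ctx,
 /* Set up the SELinux execution context. */
 if (globals.selinux_enabled) {
 const char *client_secontext;
- security_context_t helper_context, exec_context;
+ char *helper_context, *exec_context;
 
 client_secontext = oddjob_dbus_message_get_selinux_context(msg);
 if (client_secontext == NULL) {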
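diff --git a/src/selinux.c b/src/selinux.c
index d2482cf..454eb3f 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -45,12 +45,7 @@
 #ifdef SELINUX_LABELS
 
 #include <selinux/selinux.h>
-
-#ifndef HAVE_MATCHPATHCON_INIT
-static void
-matchpathcon_init(const char *path) {
-}
-#endif
+#include <selinux/label.h>
 
 static dbus_bool_t
 oddjob_check_selinux_enabled(void)
@@ -58,9 +53,6 @@ oddjob_check_selinux_enabled(void)
 static int selinux_enabled = -1;
 if (selinux_enabled == -1) {
 selinux_enabled = is_selinux_enabled();
- if (selinux_enabled == 1) {
- matchpathcon_init(NULL);
- }
 }
 return (selinux_enabled == 1);
 }
@@ -68,24 +60,28 @@ oddjob_check_selinux_enabled(void)
 void
 oddjob_set_selinux_file_creation_context(const char *path, mode_t mode)
 {
- security_context_t context;
+ struct selabel_handle *handle;
+ char *context;
 
 if (!oddjob_check_selinux_enabled()) {
 return;
 }
 
- context = NULL;
- if (matchpathcon(path, mode, &context) == 0) {
- if (context != NULL) {
- if (strcmp(context, "<<none>>") == 0) {
- oddjob_unset_selinux_file_creation_context();
+ handle = selabel_open(SELABEL_CTX_FILE,NULL,0);
+ if (handle) {
+ if (selabel_lookup(handle,&context,path,mode) == 0) {
+ if (context != NULL) {
+ if (strcmp(context, "<<none>>") == 0) {
+ oddjob_unset_selinux_file_creation_context();
+ } else {
+ setfscreatecon(context);
+ }
+ freecon(context);
 } else {
- setfscreatecon(context);
- }
- freecon(context);
- } else {
 oddjob_unset_selinux_file_creation_context();
+ }
 }
+ selabel_close(handle);
 }
 }
 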
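Review bot: In oddjob_set_selinux_file_creation_context, a NULL return from `selabel_open` or a non-zero return from `selabel_lookup` falls through silently, so on an SELinux-enabled host the next file is created under whatever file-creation context was already in effect rather than the policy label for `path`. The lookup-failure path behaved the same with matchpathcon, but the open failure is new; I would reset explicitly on both, e.g. `} else { oddjob_unset_selinux_file_creation_context(); }` on each of the two `if`s, and log the failure so a mislabelled file can be traced back to it. The return value of `setfscreatecon(context)` is also ignored, which hides the same kind of failure. Separately, opening and closing the handle on every call presumably reloads the file-contexts data each time, where the removed code initialised once; a static handle opened on first use would keep the one-time cost.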