mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

daemon/selinux-relabel: tolerate relabeling errors

Browse Source 
Option "-C" of setfiles(8) causes setfiles(8) to exit with status 1 rather
than status 255 if it encounters relabeling errors, but no other (fatal)
error. Pass "-C" to setfiles(8) in "selinux-relabel", because we don't
want the "selinux-relabel" API to fail if setfiles(8) only encounters
relabeling errors.

(NB even without "-C", setfiles(8) continues traversing the directory
tree(s) and relabeling files across relabeling errors, so this change is
specifically about the exit status.)

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1794518
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220511122345.14208-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit a39b79f607)
This commit is contained in:
Laszlo Ersek
2022-05-11 14:23:45 +02:00
committed by Richard W.M. Jones
parent bba14f9cfb
commit dcfa38512d
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
daemon/selinux-relabel.c
View File

@@ -59,11 +59,13 @@ do_selinux_relabel (const char *specfile, const char *path,
int force)
{
static int flag_m = -1;
static int flag_C = -1;
const char *argv[MAX_ARGS];
CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL,
*s_sys = NULL, *s_specfile = NULL, *s_path = NULL;
CLEANUP_FREE char *err = NULL;
size_t i = 0;
int setfiles_status;
s_dev = sysroot_path ("/dev");
if (!s_dev) {
@@ -107,6 +109,13 @@ do_selinux_relabel (const char *specfile, const char *path,
if (setfiles_has_option (&flag_m, 'm'))
ADD_ARG (argv, i, "-m");
/* Not only do we want setfiles to trudge through individual relabeling
* errors, we also want the setfiles exit status to differentiate a fatal
* error from "relabeling errors only". See RHBZ#1794518.
*/
if (setfiles_has_option (&flag_C, 'C'))
ADD_ARG (argv, i, "-C");
/* Relabelling in a chroot. */
if (STRNEQ (sysroot, "/")) {
ADD_ARG (argv, i, "-r");
@@ -124,10 +133,10 @@ do_selinux_relabel (const char *specfile, const char *path,
ADD_ARG (argv, i, s_path);
ADD_ARG (argv, i, NULL);
if (commandv (NULL, &err, argv) == -1) {
reply_with_error ("%s", err);
return -1;
}
setfiles_status = commandrv (NULL, &err, argv);
if ((setfiles_status == 0) || (setfiles_status == 1 && flag_C))
return 0;
return 0;
reply_with_error ("%s", err);
return -1;
}