diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-07-21 20:56:29 -0400 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-07-21 20:57:39 -0400 |
| commit | 7dbb1d08f66cd44b1296be3ee8e3629b989e19a8 (patch) | |
| tree | ac634b608773a6351b2c5d0a8d8c36cf9f290b7d | |
| parent | 9f1c19405a1ccaf59dcc8c32c13a1619541189ad (diff) | |
update-done: set proper selinux context for .updated
https://bugzilla.redhat.com/show_bug.cgi?id=1121806
| -rw-r--r-- | Makefile.am | 1 | ||||
| -rw-r--r-- | src/update-done/update-done.c | 25 |
2 files changed, 21 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am index 1e4cfb31f..1cb771238 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1771,6 +1771,7 @@ systemd_update_done_SOURCES = \ systemd_update_done_LDADD = \ libsystemd-internal.la \ + libsystemd-label.la \ libsystemd-shared.la # ------------------------------------------------------------------------------ diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c index 10ba85ca9..b199a6897 100644 --- a/src/update-done/update-done.c +++ b/src/update-done/update-done.c @@ -20,6 +20,7 @@ ***/ #include "util.h" +#include "label.h" static int apply_timestamp(const char *path, struct timespec *ts) { struct timespec twice[2]; @@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) { } else if (errno == ENOENT) { _cleanup_close_ int fd = -1; + int r; /* The timestamp file doesn't exist yet? Then let's create it. */ + r = label_context_set(path, S_IFREG); + if (r < 0) { + log_error("Failed to set SELinux context for %s: %s", + path, strerror(-r)); + return r; + } + fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644); + label_context_clear(); + if (fd < 0) { if (errno == EROFS) { @@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) { int main(int argc, char *argv[]) { struct stat st; - int r, q; + int r, q = 0; log_set_target(LOG_TARGET_AUTO); log_parse_environment(); @@ -94,11 +105,15 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - r = apply_timestamp("/etc/.updated", &st.st_mtim); + r = label_init(NULL); + if (r < 0) { + log_error("SELinux setup failed: %s", strerror(-r)); + goto finish; + } + r = apply_timestamp("/etc/.updated", &st.st_mtim); q = apply_timestamp("/var/.updated", &st.st_mtim); - if (q < 0 && r == 0) - r = q; - return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +finish: + return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } |