From 62ae78fdcc50515d292f7622aeff7a89a5b2bfd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 21 Jul 2014 20:56:29 -0400 Subject: [PATCH] update-done: set proper selinux context for .updated https://bugzilla.redhat.com/show_bug.cgi?id=1121806 (cherry picked from commit 7dbb1d08f66cd44b1296be3ee8e3629b989e19a8) --- Makefile.am | 1 + src/update-done/update-done.c | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 53f82f9fce..764a4fde58 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1724,6 +1724,7 @@ systemd_update_done_SOURCES = \ systemd_update_done_LDADD = \ libsystemd-internal.la \ + libsystemd-label.la \ libsystemd-shared.la # ------------------------------------------------------------------------------ diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c index 10ba85ca92..b199a68972 100644 --- a/src/update-done/update-done.c +++ b/src/update-done/update-done.c @@ -20,6 +20,7 @@ ***/ #include "util.h" +#include "label.h" static int apply_timestamp(const char *path, struct timespec *ts) { struct timespec twice[2]; @@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) { } else if (errno == ENOENT) { _cleanup_close_ int fd = -1; + int r; /* The timestamp file doesn't exist yet? Then let's create it. */ + r = label_context_set(path, S_IFREG); + if (r < 0) { + log_error("Failed to set SELinux context for %s: %s", + path, strerror(-r)); + return r; + } + fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644); + label_context_clear(); + if (fd < 0) { if (errno == EROFS) { @@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) { int main(int argc, char *argv[]) { struct stat st; - int r, q; + int r, q = 0; log_set_target(LOG_TARGET_AUTO); log_parse_environment(); @@ -94,11 +105,15 @@ int main(int argc, char *argv[]) { return EXIT_FAILURE; } - r = apply_timestamp("/etc/.updated", &st.st_mtim); + r = label_init(NULL); + if (r < 0) { + log_error("SELinux setup failed: %s", strerror(-r)); + goto finish; + } + r = apply_timestamp("/etc/.updated", &st.st_mtim); q = apply_timestamp("/var/.updated", &st.st_mtim); - if (q < 0 && r == 0) - r = q; - return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +finish: + return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS; }