From b2408a466fb5d51889ff671c63dbf110bf2d2991 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 24 Sep 2018 12:37:08 -0400 Subject: [PATCH] core: Fix segfault if no selinux-policy package In `--unified-core` mode, we would segfault if `selinux: true` but no policy was found. I hit this while hacking up the manifest for some Red Hat CoreOS work. Closes: #1578 Approved by: jlebon --- src/libpriv/rpmostree-core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libpriv/rpmostree-core.c b/src/libpriv/rpmostree-core.c index 034b50e6..b57a4814 100644 --- a/src/libpriv/rpmostree-core.c +++ b/src/libpriv/rpmostree-core.c @@ -1143,8 +1143,10 @@ commit_has_matching_sepolicy (GVariant *commit, GError **error) { const char *sepolicy_csum_wanted = ostree_sepolicy_get_csum (sepolicy); - g_autofree char *sepolicy_csum = NULL; + if (!sepolicy_csum_wanted) + return glnx_throw (error, "SELinux enabled, but no policy found"); + g_autofree char *sepolicy_csum = NULL; if (!get_commit_sepolicy_csum (commit, &sepolicy_csum, error)) return FALSE;