checkout: don't apply SELinux labeling in user mode

If the user requested a user checkout, we don't want to set the SELinux label xattr. Closes: #903 Approved by: cgwalters
2025-03-19 22:50:35 +03:00 · 2017-06-02 10:06:50 -04:00 · 2017-06-02 10:06:50 -04:00 · 3ec2b5773e
commit 3ec2b5773e
parent c651982929
1 changed files with 3 additions and 3 deletions
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@ -261,14 +261,14 @@ create_file_copy_from_input_at (OstreeRepo     *repo,
                                        &tmpf, error))
        return FALSE;

-      if (sepolicy_enabled)
+      if (sepolicy_enabled && options->mode != OSTREE_REPO_CHECKOUT_MODE_USER)
        {
          g_autofree char *label = NULL;
-          if (!ostree_sepolicy_get_label (options->sepolicy,
-                                          state->selabel_path_buf->str,
+          if (!ostree_sepolicy_get_label (options->sepolicy, state->selabel_path_buf->str,
                                          g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
                                          &label, cancellable, error))
            return FALSE;
+
          if (fsetxattr (tmpf.fd, "security.selinux", label, strlen (label), 0) < 0)
            return glnx_throw_errno_prefix (error, "Setting security.selinux");
        }