Merge pull request #1212 from again4you/devel/fix_smack_label_#3

Wrong smack label of the symlink in CGROUP root directory when enabling '--with-smack-run-label' (v3)
2024-12-26 03:22:00 +03:00 · 2015-09-09 14:01:26 +02:00 · 2015-09-09 14:01:26 +02:00 · 542a69a284
commit 542a69a284
parent 9c00a6adfa f8c1a81c51
3 changed files with 27 additions and 1 deletions
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@ -185,6 +185,23 @@ int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
        return r;
 }

+int mac_smack_copy(const char *dest, const char *src) {
+        int r = 0;
+        _cleanup_free_ char *label = NULL;
+
+        assert(dest);
+        assert(src);
+
+        r = mac_smack_read(src, SMACK_ATTR_ACCESS, &label);
+        if (r < 0)
+                return r;
+
+        r = mac_smack_apply(dest, SMACK_ATTR_ACCESS, label);
+        if (r < 0)
+                return r;
+
+        return r;
+}

 #else
 bool mac_smack_use(void) {
@ -214,4 +231,8 @@ int mac_smack_apply_pid(pid_t pid, const char *label) {
 int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
        return 0;
 }
+
+int mac_smack_copy(const char *dest, const char *src) {
+        return 0;
+}
 #endif
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@ -48,5 +48,5 @@ int mac_smack_read(const char *path, SmackAttr attr, char **label);
 int mac_smack_read_fd(int fd, SmackAttr attr, char **label);
 int mac_smack_apply(const char *path, SmackAttr attr, const char *label);
 int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
-
 int mac_smack_apply_pid(pid_t pid, const char *label);
+int mac_smack_copy(const char *dest, const char *src);
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@ -303,6 +303,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
                                r = symlink(options, t);
                                if (r < 0 && errno != EEXIST)
                                        return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+#ifdef SMACK_RUN_LABEL
+                                r = mac_smack_copy(t, options);
+                                if (r < 0 && r != -EOPNOTSUPP)
+                                        return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", options, t);
+#endif
                        }
                }
        }