selinux: add mac_selinux_create_file_prepare_label helper

Allow to use setfscreatecon with a custom label rather than the default
2025-03-06 00:58:29 +03:00 · 2021-09-17 12:42:18 +01:00 · 2021-09-17 12:42:18 +01:00 · 6f7ccbcc74
commit 6f7ccbcc74
parent f621b8d773
2 changed files with 16 additions and 0 deletions
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@ -562,6 +562,21 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
 #endif
 }

+int mac_selinux_create_file_prepare_label(const char *path, const char *label) {
+#if HAVE_SELINUX
+
+        if (!label)
+                return 0;
+
+        if (!mac_selinux_use())
+                return 0;
+
+        if (setfscreatecon_raw(label) < 0)
+                return log_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
+#endif
+        return 0;
+}
+
 void mac_selinux_create_file_clear(void) {

 #if HAVE_SELINUX
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@ -43,6 +43,7 @@ char* mac_selinux_free(char *label);

 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
+int mac_selinux_create_file_prepare_label(const char *path, const char *label);
 void mac_selinux_create_file_clear(void);

 int mac_selinux_create_socket_prepare(const char *label);