shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-23 10:50:16 +03:00
Code

core/namespace: relabel bind mount source based on the target path

Browse Source 
Some bind mounts, e.g. /tmp bind mount when PrivateTmp=disconnected,
must be explicitly relabeled because now it would have incorrect SELinux
label. /tmp is expected to have well-known SELinux label, tmp_t. Now it
has label inherited from the source directory of the bind mount.
This commit is contained in:
Michal Sekletar 2025-01-21 15:31:14 +01:00 committed by Lennart Poettering
parent be4f4c4343
commit a128273f7b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/namespace.c
View File

@ -1809,6 +1809,10 @@ static int apply_one_mount(
r = mkdir_p(mount_entry_source(m), m->source_dir_mode);
if (r < 0)
return log_debug_errno(r, "Failed to create source directory %s: %m", mount_entry_source(m));
r = label_fix_full(AT_FDCWD, mount_entry_source(m), mount_entry_unprefixed_path(m), /* flags= */ 0);
if (r < 0)
return log_error_errno(r, "Failed to set label of the source directory %s: %m", mount_entry_source(m));
}
r = chase(mount_entry_source(m), NULL, CHASE_TRAIL_SLASH, &chased, NULL);