mirror of https://github.com/systemd/systemd.git synced 2025-01-11 09:18:07 +03:00

basic: mac_[selinux,smack]_apply_fd does not work when applying labels

Commit a7fdc6c introduced a regression: file descriptors are now opened
with the O_PATH option, and mac_smack_apply_fd() calls fsetxattr() on them,
which fails with -EBADF (Bad file descriptor).

Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and
call setxattr() or setfilecon() instead.

Signed-off-by: Donald Chan <hoiho@amazon.com>
Donald Chan 2022-01-28 22:53:46 +00:00 committed by Yu Watanabe
parent 5b2d0f9efd
commit a718364e9d
2 changed files with 3 additions and 3 deletions


@ -346,7 +346,7 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) {
assert(label);
if (fsetfilecon(fd, label) < 0)
if (setfilecon(FORMAT_PROC_FD_PATH(fd), label) < 0)
return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path));
#endif
return 0;
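Review bot: The label is now always applied through procfs, so `setfilecon(FORMAT_PROC_FD_PATH(fd), label)` fails with ENOENT wherever /proc is not mounted (early boot, a minimal chroot), even for descriptors that were not opened with O_PATH and on which `fsetfilecon()` would succeed. In that case the log message blames `path` although the file exists, and the object keeps its previous context. Consider trying the fd variant first and falling back only on EBADF, e.g. `if (fsetfilecon(fd, label) < 0 && (errno != EBADF || setfilecon(FORMAT_PROC_FD_PATH(fd), label) < 0))`, or reporting a distinct error when `proc_mounted() == 0`. The same applies to the `setxattr()`/`removexattr()` calls in mac_smack_apply_fd(). The function body starts and ends outside this hunk.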


@ -95,9 +95,9 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
return 0;
if (label)
r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0);
r = setxattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr), label, strlen(label), 0);
else
r = fremovexattr(fd, smack_attr_to_string(attr));
r = removexattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr));
if (r < 0)
return -errno;
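Review bot: Nothing at the `setxattr()`/`removexattr()` calls records why a path built from the fd is used instead of the f*xattr() variants, so a later cleanup could switch back and reintroduce the EBADF failure described in the commit message. Add a comment above `if (label)`, e.g. `/* fd may be opened with O_PATH, on which fsetxattr()/fremovexattr() fail with EBADF; go via /proc/self/fd/ instead */`. The same comment fits above the `setfilecon()` call in mac_selinux_apply_fd(). The function starts before this hunk.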