morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

core/selinux-setup: actually skip setup gracefully when libselinux is not available (#39859)

Browse Source
This commit is contained in:
Yu Watanabe
2025-11-23 09:11:32 +09:00
committed by GitHub
parent dd281e19a7 375a4bd878
commit 2d82ebf600
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/exec-invoke.c
View File

@@ -5732,7 +5732,7 @@ int exec_invoke(
/* We need setresuid() if the caller asked us to apply sandboxing and the command isn't explicitly
* excepted from either whole sandboxing or just setresuid() itself. */
needs_setuid = (params->flags & EXEC_APPLY_SANDBOXING) && !(command->flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID));
needs_setuid = needs_sandboxing && !FLAGS_SET(command->flags, EXEC_COMMAND_NO_SETUID);
uint64_t capability_ambient_set = context->capability_ambient_set;

6
src/core/selinux-setup.c
View File

@@ -19,8 +19,10 @@ int mac_selinux_setup(bool *loaded_policy) {
int r;
r = dlopen_libselinux();
if (r < 0)
return log_debug_errno(r, "No SELinux library available, skipping setup: %m");
if (r < 0) {
log_debug_errno(r, "No SELinux library available, skipping setup.");
return 0;
}
mac_selinux_disable_logging();