morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 00:47:10 +09:00
Code Issues Packages Projects Releases Wiki Activity

core/socket: use chase_symlinks to find binary inside chroot when looking for SELinux label (#8591)

Browse Source 
This is a follow up for this comment from @poettering:
https://github.com/systemd/systemd/pull/8405#discussion_r175719214

This updates PR #8405.

Tested manually using the same commands in
https://lists.freedesktop.org/archives/systemd-devel/2018-March/040478.html.
This commit is contained in:
Filipe Brandenburger
2018-03-28 00:00:42 -07:00
committed by Zbigniew Jędrzejewski-Szmek
parent 1700f4f42c
commit 2ef044ea1e
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/core/socket.c
View File

@@ -1426,7 +1426,7 @@ fail:
static int socket_determine_selinux_label(Socket *s, char **ret) {
Service *service;
ExecCommand *c;
const char *path;
_cleanup_free_ char *path = NULL;
int r;
assert(s);
@@ -1453,7 +1453,10 @@ static int socket_determine_selinux_label(Socket *s, char **ret) {
if (!c)
goto no_label;
path = prefix_roota(service->exec_context.root_directory, c->path);
r = chase_symlinks(c->path, service->exec_context.root_directory, CHASE_PREFIX_ROOT, &path);
if (r < 0)
goto no_label;
r = mac_selinux_get_create_label_from_exe(path, ret);
if (IN_SET(r, -EPERM, -EOPNOTSUPP))
goto no_label;