]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/core/execute.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 05c4aff) | patch
mac: rework labelling code to be simpler, and less racy
authorLennart Poettering <lennart@poettering.net>
Fri, 8 Jul 2022 08:05:57 +0000 (10:05 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 8 Jul 2022 15:43:49 +0000 (17:43 +0200)
commit03bc11d1c491d6b8fed1e43c2929790d004d7367
tree5021f0a3c79c7cfa44c174ab0dbaf947bbbd96e6tree | snapshot
parent05c4affe04b5592c5786e5313e3edd1f36b1aca8commit | diff
mac: rework labelling code to be simpler, and less racy

This merges the various labelling calls into a single label_fix_full(),
which can operate on paths, on inode fds, and in a dirfd/fname style
(i.e. like openat()). It also systematically separates the path to look
up in the db from the path we actually use to reference the inode to
relabel.

This then ports tmpfiles over to labelling by fd. This should make the
code a bit less racy, as we'll try hard to always operate on the very
same inode, pinning it via an fd.

User-visibly the behaviour should not change.
src/core/execute.c diff | blob | blame | history
src/core/namespace.c diff | blob | blame | history
src/shared/label.c diff | blob | blame | history
src/shared/label.h diff | blob | blame | history
src/shared/mkdir-label.c diff | blob | blame | history
src/shared/selinux-util.c diff | blob | blame | history
src/shared/selinux-util.h diff | blob | blame | history
src/shared/smack-util.c diff | blob | blame | history
src/shared/smack-util.h diff | blob | blame | history
src/tmpfiles/tmpfiles.c diff | blob | blame | history
src/udev/udev-node.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.