mount: (new) add selinux warning
authorKarel Zak <kzak@redhat.com>
Fri, 20 Jan 2012 12:14:26 +0000 (13:14 +0100)
committerKarel Zak <kzak@redhat.com>
Fri, 20 Jan 2012 12:14:26 +0000 (13:14 +0100)
Signed-off-by: Karel Zak <kzak@redhat.com>
sys-utils/Makefile.am
sys-utils/mount.c

index 7038abaf42d0899f114d058845a04f04344fd798..c5cb57082585d46ed8a2c0936c6fdc1d42a13597 100644 (file)
@@ -66,7 +66,7 @@ mount_SOURCES = mount.c \
                $(top_srcdir)/lib/xgetpass.c \
                $(top_srcdir)/lib/strutils.c
 
-mount_LDADD = $(ul_libmount_la)
+mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
 mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
 mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
 
@@ -80,7 +80,7 @@ bin_PROGRAMS += mount.static
 mount_static_SOURCES = $(mount_SOURCES)
 mount_static_CFLAGS = $(mount_CFLAGS)
 mount_static_LDFLAGS = $(mount_LDFLAGS) -all-static
-mount_static_LDADD = $(mount_LDADD)
+mount_static_LDADD = $(mount_LDADD) $(SELINUX_LIBS_STATIC)
 endif
 
 if HAVE_STATIC_UMOUNT
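Review bot: `mount_static_LDADD` now expands to `$(ul_libmount_la) $(SELINUX_LIBS) $(SELINUX_LIBS_STATIC)`, because `$(mount_LDADD)` already carries `$(SELINUX_LIBS)` after the first hunk, so the `-all-static` link line likely names the SELinux libraries twice. If that is intended, a comment above the assignment such as `# SELINUX_LIBS arrives via mount_LDADD; SELINUX_LIBS_STATIC adds the extra static-only deps` would make it clear. Both targets are compiled and linked with `$(SUID_CFLAGS)` / `$(SUID_LDFLAGS)`, so this change presumably puts libselinux inside a setuid binary; that widening of the privileged code is worth stating in the commit message, which currently has no body.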
@@ -90,7 +90,6 @@ umount_static_CFLAGS = $(umount_CFLAGS)
 umount_static_LDFLAGS = $(umount_LDFLAGS) -all-static
 umount_static_LDADD = $(umount_LDADD)
 endif
-
 endif # BUILD_NEW_MOUNT
 
 
index b5979050133b98e978528d589acf21f12a2a5d4b..b2f0be8b303a8ec10b3c2769e449756b85d38e23 100644 (file)
@@ -258,6 +258,37 @@ static int handle_generic_errors(int rc, const char *msg)
        return EX_FAIL;
 }
 
+#if defined(HAVE_LIBSELINUX) && defined(HAVE_SECURITY_GET_INITIAL_CONTEXT)
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+
+static void selinux_warning(struct libmnt_context *cxt, const char *tgt)
+{
+
+       if (tgt && mnt_context_is_verbose(cxt) && is_selinux_enabled() > 0) {
+               security_context_t raw = NULL, def = NULL;
+
+               if (getfilecon(tgt, &raw) > 0
+                   && security_get_initial_context("file", &def) == 0) {
+
+               if (!selinux_file_context_cmp(raw, def))
+                       printf(_(
+       "mount: %s does not contain SELinux labels.\n"
+       "       You just mounted an file system that supports labels which does not\n"
+       "       contain labels, onto an SELinux box. It is likely that confined\n"
+       "       applications will generate AVC messages and not be allowed access to\n"
+       "       this file system.  For more details see restorecon(8) and mount(8).\n"),
+                               tgt);
+               }
+               freecon(raw);
+               freecon(def);
+       }
+}
+#else
+# define selinux_warning(_x)
+#endif
+
+
 /*
  * rc = 0 success
  *     <0 error (usually -errno or -1)
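Review bot: The fallback stub `# define selinux_warning(_x)` takes one parameter, but the call added in the later hunk is `selinux_warning(cxt, tgt)`, so any build without `HAVE_LIBSELINUX` or `HAVE_SECURITY_GET_INITIAL_CONTEXT` should fail in the preprocessor; it needs to be `# define selinux_warning(_x, _y)`. Inside the function, `if (!selinux_file_context_cmp(raw, def))` belongs to the `getfilecon(...)` block but is indented at the same depth as that block's `if`, which makes the brace on the line after `tgt);` look like it closes the wrong statement; indent the inner `if` and its `printf` one level deeper. The message text reads "an file system" and should be "a file system". The whole check is gated on `mnt_context_is_verbose(cxt)`, so the unlabeled-filesystem warning is silent in a normal run; a short comment on that condition saying why it is verbose-only would help the next reader.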
@@ -282,11 +313,14 @@ try_readonly:
                 */
                return mnt_context_get_helper_status(cxt);
 
-       if (rc == 0 && mnt_context_get_status(cxt) == 1)
+       if (rc == 0 && mnt_context_get_status(cxt) == 1) {
                /*
                 * Libmount success && syscall success.
                 */
+               selinux_warning(cxt, tgt);
+
                return EX_SUCCESS;      /* mount(2) success */
+       }
 
        if (!mnt_context_syscall_called(cxt)) {
                /*