mkswap: remove deprecated SELinux matchpathcon()

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/disk-utils/Makemodule.am b/disk-utils/Makemodule.am
index b39aff804e93099b7ad52b1b1faef7380b9d15dc..58f42ea23ea4b97f57a757793460088901ba8a99 100644 (file)
--- a/disk-utils/Makemodule.am
+++ b/disk-utils/Makemodule.am
@@ -66,6 +66,9 @@ mkswap_LDADD += libblkid.la
 endif
 if HAVE_SELINUX
 mkswap_LDADD += -lselinux
+mkswap_SOURCES += \
+       lib/selinux-utils.c \
+       include/selinux-utils.h
 endif
 endif # BUILD_MKSWAP
 

diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c
index 2391b3e5086760deebd10dc064f62c1aa5a73f96..add732a930f40176c49601d20a0fc9b5308e56be 100644 (file)
--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@@ -23,6 +23,7 @@
 #ifdef HAVE_LIBSELINUX
 # include <selinux/selinux.h>
 # include <selinux/context.h>
+# include "selinux-utils.h"
 #endif
 #ifdef HAVE_LINUX_FIEMAP_H
 # include <linux/fs.h>
@@ -636,8 +637,11 @@ int main(int argc, char **argv)
                                err(EXIT_FAILURE,
                                        _("%s: unable to obtain selinux file label"),
                                        ctl.devname);
-                       if (matchpathcon(ctl.devname, ctl.devstat.st_mode, &oldcontext))
-                               errx(EXIT_FAILURE, _("unable to matchpathcon()"));
+                       if (ul_selinux_get_default_context(ctl.devname,
+                                               ctl.devstat.st_mode, &oldcontext))
+                               errx(EXIT_FAILURE,
+                                       _("%s: unable to obtain default selinux file label"),
+                                       ctl.devname);
                }
                if (!(newcontext = context_new(oldcontext)))
                        errx(EXIT_FAILURE, _("unable to create new selinux context"));

diff --git a/include/selinux-utils.h b/include/selinux-utils.h
index 20054f6a521dd95a7b1660e7ebf0d1b4fe8e51bc..82c27c8f5309d5318b89364e8cb193d8721efafc 100644 (file)
--- a/include/selinux-utils.h
+++ b/include/selinux-utils.h
@@ -3,5 +3,6 @@
 
 extern int ul_setfscreatecon_from_file(char *orig_file);
 extern int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt);
+extern int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt);
 
 #endif

diff --git a/lib/selinux-utils.c b/lib/selinux-utils.c
index bd14d489ac358ceeb7eb0fad7fb72da4956ca323..79425b1cfbb94aa5b0117bc94614e9d8a17faf90 100644 (file)
--- a/lib/selinux-utils.c
+++ b/lib/selinux-utils.c
@@ -1,8 +1,16 @@
+/*
+ * No copyright is claimed.  This code is in the public domain; do with
+ * it what you wish.
+ *
+ * Written by Karel Zak <kzak@redhat.com> [January 2021]
+ */
 #include <selinux/context.h>
 #include <selinux/selinux.h>
+#include <selinux/label.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <errno.h>
 
 #include "selinux-utils.h"
 
@@ -46,3 +54,25 @@ int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cx
        return rc == 0 ? 1 : 0;
 }
 
+/* return 0 on success, 0 on error; @cxt returns the default context for @path
+ * and @st_mode (stat())
+ */
+int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt)
+{
+       struct selabel_handle *hnd;
+       struct selinux_opt options[SELABEL_NOPT] = {};
+       int rc = 0;
+
+       *cxt = NULL;
+
+       hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT);
+       if (!hnd)
+               return -errno;
+
+       if (selabel_lookup(hnd, cxt, path, st_mode) != 0)
+               rc = -errno
+                       ;
+       selabel_close(hnd);
+
+       return rc;
+}