From: Donald Chan
Date: Fri, 28 Jan 2022 22:53:46 +0000 (+0000)
Subject: basic: mac_[selinux,smack]_apply_fd does not work when applying labels
X-Git-Tag: v251-rc1~418
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a718364e9d9242cc2111c9860f2ab5bb9bb26db9;p=thirdparty%2Fsystemd.git
basic: mac_[selinux,smack]_apply_fd does not work when applying labels
Commit a7fdc6c introduced a regression where file descriptors are opened using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail with a -EBADF (Bad file descriptor) error. Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and call setxattr() or setfilecon() instead.
Signed-off-by: Donald Chan
---
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index a1359a5bfd3..67ea8581422 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -346,7 +346,7 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) {
 assert(label);
- if (fsetfilecon(fd, label) < 0)
+ if (setfilecon(FORMAT_PROC_FD_PATH(fd), label) < 0)
 return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path));
 #endif
 return 0;
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index b8434b068ca..0df1778cb2d 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -95,9 +95,9 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
 return 0;
 if (label)
- r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0);
+ r = setxattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr), label, strlen(label), 0);
 else
- r = fremovexattr(fd, smack_attr_to_string(attr));
+ r = removexattr(FORMAT_PROC_FD_PATH(fd), smack_attr_to_string(attr));
 if (r < 0) return -errno;
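Review bot: The new `setfilecon(FORMAT_PROC_FD_PATH(fd), label)` call makes labelling depend on procfs being mounted; without it the call presumably fails with ENOENT, which reads as "file missing" rather than "cannot label", and if `log_enforcing_errno()` only propagates errors in enforcing mode the file may be left unlabelled with just a log line. The same dependency applies to `setxattr()`/`removexattr()` in the smack-util.c hunk, where `-errno` is returned unchanged. Consider separating that case before the generic error path, e.g. `if (errno == ENOENT && proc_mounted() == 0) return -ENOSYS;` (assuming a `proc_mounted()` helper is available in this tree), or at minimum state the /proc requirement in both functions' comments. Both function bodies begin outside their hunks, so an earlier check may already exist there.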
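Review bot: Nothing in the smack-util.c hunk records why path-based calls are used on a descriptor, so a later cleanup could switch back to `fsetxattr()`/`fremovexattr()` and reintroduce the EBADF failure on O_PATH descriptors that the commit message describes. Add a comment above the `if (label)` branch such as `/* fd may be O_PATH, on which the f*xattr() calls fail with EBADF; go through the /proc fd path so the label lands on the inode the fd refers to */`. The same comment fits above `setfilecon()` in selinux-util.c. mac_smack_apply_fd starts and ends outside the hunk.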