if (m->dev_autofs_fd >= 0)
return m->dev_autofs_fd;
- label_fix("/dev/autofs", false);
+ label_fix("/dev/autofs", false, false);
if ((m->dev_autofs_fd = open("/dev/autofs", O_CLOEXEC|O_RDONLY)) < 0) {
log_error("Failed to open /dev/autofs: %s", strerror(errno));
/* Relabel first, just in case */
if (relabel)
- label_fix(p->where, true);
+ label_fix(p->where, true, true);
if ((r = path_is_mount_point(p->where, true)) < 0)
return r;
/* Relabel again, since we now mounted something fresh here */
if (relabel)
- label_fix(p->where, false);
+ label_fix(p->where, false, false);
return 1;
}
if (_unlikely_(ftwbuf->level == 0))
return FTW_CONTINUE;
- label_fix(fpath, true);
+ label_fix(fpath, false, false);
/* /run/initramfs is static data and big, no need to
* dynamically relabel its contents at boot... */
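Review bot: `label_fix(fpath, false, false)` flips `ignore_enoent` from `true` to `false` in this tree-walk callback, a behaviour change separate from the EROFS flag the rest of the commit adds. Entries under the walked tree can disappear between the walk visiting them and the relabel. Going by the label_fix hunk, each such ENOENT would then be logged at LOG_ERR when SELinux is enforcing, which buries real labelling failures in noise. If the flip is not intended, keep the old tolerance with `label_fix(fpath, true, false);`; if it is intended, add a one-line comment saying why a vanished entry must be reported here. The callback's body starts and ends outside the hunk.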
/* Explicitly relabel these */
NULSTR_FOREACH(j, relabel)
- label_fix(j, true);
+ label_fix(j, true, false);
after_relabel = now(CLOCK_MONOTONIC);
return r;
}
-int label_fix(const char *path, bool ignore_enoent) {
+int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
int r = 0;
#ifdef HAVE_SELINUX
if (ignore_enoent && errno == ENOENT)
return 0;
+ if (ignore_erofs && errno == EROFS)
+ return 0;
+
log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG,
"Unable to fix label of %s: %m", path);
r = security_getenforce() == 1 ? -errno : 0;
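Review bot: The added `ignore_erofs` branch returns 0 before `log_full()` runs, so a path that keeps its old context because the file system is read-only leaves no trace, even when SELinux is enforcing. A debug-level message ahead of the return would keep that state diagnosable without restoring the error, e.g. `log_debug("Not relabelling %s, file system is read-only", path);` inside a braced `if (ignore_erofs && errno == EROFS) { ... return 0; }`. A short comment above the function should also say that both flags only suppress the report and the error return, and that the label is left unchanged in those cases. The relabel call that sets `errno` is in the part of label_fix outside this hunk.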
int label_init(const char *prefix);
void label_finish(void);
-int label_fix(const char *path, bool ignore_enoent);
+int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
int label_socket_set(const char *label);
void label_socket_clear(void);
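Review bot: The prototype now takes two adjacent `bool` flags with no comment, so calls such as `label_fix(p->where, true, true)` and `label_fix(j, true, false)` cannot be read without looking up the parameter order. Swapping the two arguments also compiles silently while changing which failure is suppressed. A comment above the declaration would cover it: `/* ignore_enoent: a missing path is not reported; ignore_erofs: a read-only file system is not reported */`.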
return -errno;
}
- return label_fix(path, false);
+ return label_fix(path, false, false);
}
static int recursive_relabel_children(Item *i, const char *path) {
buf[len] = '\0';
if (strcmp(target, buf) == 0) {
log_debug("preserve already existing symlink '%s' to '%s'\n", slink, target);
- label_fix(slink, true);
+ label_fix(slink, true, false);
utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW);
goto exit;
}
* something else has set a custom context in the meantime.
*/
if (strcmp(udev_device_get_action(dev), "add") == 0)
- label_fix(devnode, true);
+ label_fix(devnode, true, false);
/* always update timestamp when we re-use the node, like on media change events */
utimensat(AT_FDCWD, devnode, NULL, 0);