From 6f7ccbcc747e7006eba250a38684d7f7bf52b334 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Fri, 17 Sep 2021 12:42:18 +0100
Subject: [PATCH] selinux: add mac_selinux_create_file_prepare_label helper

Allow to use setfscreatecon with a custom label rather than the default
---
 src/shared/selinux-util.c | 15 +++++++++++++++
 src/shared/selinux-util.h | 1 +
 2 files changed, 16 insertions(+)

diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 34e78e6792a..ca92a65efc5 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -562,6 +562,21 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
 #endif
 }
 
+int mac_selinux_create_file_prepare_label(const char *path, const char *label) {
+#if HAVE_SELINUX
+
+ if (!label)
+ return 0;
+
+ if (!mac_selinux_use())
+ return 0;
+
+ if (setfscreatecon_raw(label) < 0)
+ return log_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
+#endif
+ return 0;
+}
+
 void mac_selinux_create_file_clear(void) {
 #if HAVE_SELINUX
 
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index 1095bdef0ee..4147a3ad506 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -43,6 +43,7 @@ char* mac_selinux_free(char *label);
 
 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
+int mac_selinux_create_file_prepare_label(const char *path, const char *label);
 void mac_selinux_create_file_clear(void);
 
 int mac_selinux_create_socket_prepare(const char *label);
-- 
2.47.3
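Review bot: The new mac_selinux_create_file_prepare_label() in selinux-util.c carries no comment stating its contract, and the contract matters for labeling correctness: setfscreatecon_raw() changes the context given to every file the calling thread creates afterwards, so each successful call has to be paired with mac_selinux_create_file_clear(), including on the caller's error paths. The early `return 0` for a NULL label also leaves any creation context set earlier in place rather than resetting it, which a caller could mistake for the default label being restored. I would add above the function `/* Sets the fs creation context to the raw context 'label'; NULL is a no-op and does not reset an earlier context. Pair with mac_selinux_create_file_clear(). */`. Because the label is handed to the _raw variant with no translation or validation in this function, the comment should also say that callers are expected to pass a raw context taken from trusted configuration. If log_enforcing_errno() yields 0 outside enforcing mode (its definition is not part of this patch), a failed setfscreatecon_raw() is invisible to the caller, and that is worth one more sentence in the comment.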