selinux/systemctl: create unit file with default context on edit

author Christian Göttsche <cgzones@googlemail.com>

Tue, 1 Sep 2020 15:45:11 +0000 (17:45 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 2 Sep 2020 07:07:59 +0000 (09:07 +0200)
author Christian Göttsche <cgzones@googlemail.com>
Tue, 1 Sep 2020 15:45:11 +0000 (17:45 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 2 Sep 2020 07:07:59 +0000 (09:07 +0200)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c

index 592c27c27f3125b0b57a59cfec92802b5f5124e6..e22efb92ac5058fa5aac611cfe6b689b9179bff1 100644 (file)
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7313,19 +7313,30 @@ static int create_edit_temp_file(const char *new_path, const char *original_path
          if (r < 0)
                  return log_error_errno(r, "Failed to determine temporary filename for \"%s\": %m", new_path);
  
-        r = mkdir_parents(new_path, 0755);
+        r = mkdir_parents_label(new_path, 0755);
          if (r < 0)
                  return log_error_errno(r, "Failed to create directories for \"%s\": %m", new_path);
  
+        r = mac_selinux_create_file_prepare(original_path, S_IFREG);
+        if (r < 0)
+                return r;
+
          r = copy_file(original_path, t, 0, 0644, 0, 0, COPY_REFLINK);
          if (r == -ENOENT) {
  
                  r = touch(t);
+
+                mac_selinux_create_file_clear();
+
                  if (r < 0)
                          return log_error_errno(r, "Failed to create temporary file \"%s\": %m", t);
  
-        } else if (r < 0)
-                return log_error_errno(r, "Failed to create temporary file for \"%s\": %m", new_path);
+        } else {
+                mac_selinux_create_file_clear();
+
+                if (r < 0)
+                         return log_error_errno(r, "Failed to create temporary file for \"%s\": %m", new_path);
+        }
  
          *ret_tmp_fn = TAKE_PTR(t);
  
@@ -7604,6 +7615,10 @@ static int edit(int argc, char *argv[], void *userdata) {
          if (r < 0)
                  return log_error_errno(r, "Failed to determine unit paths: %m");
  
+        r = mac_selinux_init();
+        if (r < 0)
+                return r;
+
          r = acquire_bus(BUS_MANAGER, &bus);
          if (r < 0)
                  return r;
author	Christian Göttsche <cgzones@googlemail.com>
	Tue, 1 Sep 2020 15:45:11 +0000 (17:45 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 2 Sep 2020 07:07:59 +0000 (09:07 +0200)