Reloading the SELinux label cache here enables a light-wight follow-up of a SELinux policy change, e.g. adding a label for a RuntimeDirectory.
Closes: #13363
#endif
}
+void mac_selinux_reload(void) {
+
+#if HAVE_SELINUX
+ struct selabel_handle *backup_label_hnd;
+
+ if (!label_hnd)
+ return;
+
+ backup_label_hnd = TAKE_PTR(label_hnd);
+
+ /* try to initialize new handle
+ * on success close backup
+ * on failure restore backup */
+ if (mac_selinux_init() == 0)
+ selabel_close(backup_label_hnd);
+ else
+ label_hnd = backup_label_hnd;
+#endif
+}
+
int mac_selinux_fix(const char *path, LabelFixFlags flags) {
#if HAVE_SELINUX
int mac_selinux_init(void);
void mac_selinux_finish(void);
+void mac_selinux_reload(void);
int mac_selinux_fix(const char *path, LabelFixFlags flags);
int mac_selinux_apply(const char *path, const char *label);
saved_log_level = m->log_level_overridden ? log_get_max_level() : -1;
saved_log_target = m->log_target_overridden ? log_get_target() : _LOG_TARGET_INVALID;
+ mac_selinux_reload();
+
(void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
set_manager_defaults(m);
projects / thirdparty / systemd.git / commitdiff
