selinux: always try to load the full selinux db

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 2 Mar 2016 01:35:55 +0000 (20:35 -0500)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 2 Mar 2016 01:39:30 +0000 (20:39 -0500)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 2 Mar 2016 01:35:55 +0000 (20:35 -0500)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 2 Mar 2016 01:39:30 +0000 (20:39 -0500)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c

index 6c63b9d65250d82d00146f33f704048a26405b38..71ceac1bcd2bf5252005ce6f3e2630f5368bf9b5 100644 (file)
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -80,31 +80,23 @@ void mac_selinux_retest(void) {
  #endif
  }
  
-int mac_selinux_init(const char *prefix) {
+int mac_selinux_init(void) {
          int r = 0;
  
  #ifdef HAVE_SELINUX
          usec_t before_timestamp, after_timestamp;
          struct mallinfo before_mallinfo, after_mallinfo;
  
-        if (!mac_selinux_use())
+        if (label_hnd)
                  return 0;
  
-        if (label_hnd)
+        if (!mac_selinux_use())
                  return 0;
  
          before_mallinfo = mallinfo();
          before_timestamp = now(CLOCK_MONOTONIC);
  
-        if (prefix) {
-                struct selinux_opt options[] = {
-                        { .type = SELABEL_OPT_SUBSET, .value = prefix },
-                };
-
-                label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
-        } else
-                label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-
+        label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
          if (!label_hnd) {
                  log_enforcing("Failed to initialize SELinux context: %m");
                  r = security_getenforce() == 1 ? -errno : 0;
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h

index 27e8edb41b457e1a32e502da7a004c98dbfed4aa..ce6bc8e44c1eb49d13c75aabf7dc2abdb43420c4 100644 (file)
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -29,7 +29,7 @@ bool mac_selinux_use(void);
  bool mac_selinux_have(void);
  void mac_selinux_retest(void);
  
-int mac_selinux_init(const char *prefix);
+int mac_selinux_init(void);
  void mac_selinux_finish(void);
  
  int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
diff --git a/src/core/main.c b/src/core/main.c

index 02c0488208e070b7cae05c421675ba2a3ab902f2..1783b9c7af127922108de0b2bdd98273425bccd7 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1369,7 +1369,7 @@ int main(int argc, char *argv[]) {
                          dual_timestamp_get(&security_finish_timestamp);
                  }
  
-                if (mac_selinux_init(NULL) < 0) {
+                if (mac_selinux_init() < 0) {
                          error_message = "Failed to initialize SELinux policy";
                          goto finish;
                  }
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c

index c37e32e96b7bfa3e633a04d93d2b2c57efd173da..d11756e615196e78fb669ee942d5e99539ab4af1 100644 (file)
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -706,7 +706,7 @@ int main(int argc, char *argv[]) {
          log_open();
  
          umask(0022);
-        mac_selinux_init("/etc");
+        mac_selinux_init();
  
          if (argc != 1) {
                  log_error("This program takes no arguments.");
diff --git a/src/locale/localed.c b/src/locale/localed.c

index cc86c61edb8a7e71f34628b127334ac4a0147cc0..46405ca68a11486fb01312415db5d4e2e1cbd985 100644 (file)
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) {
          log_open();
  
          umask(0022);
-        mac_selinux_init("/etc");
+        mac_selinux_init();
  
          if (argc != 1) {
                  log_error("This program takes no arguments.");
diff --git a/src/login/logind.c b/src/login/logind.c

index 933602eb087154415a31bc4e7076259fbd2fcb13..d5f6757bd3c017aec37d0effd3e4f3490a48ec34 100644 (file)
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) {
                  goto finish;
          }
  
-        r = mac_selinux_init("/run");
+        r = mac_selinux_init();
          if (r < 0) {
                  log_error_errno(r, "Could not initialize labelling: %m");
                  goto finish;
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c

index c7e2ab14d64566ade068bd129f26f6c411961e7b..161ea034127269fd995d3f15f698670903b34620 100644 (file)
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) {
  
          umask(0022);
  
-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
          if (r < 0) {
                  log_error_errno(r, "SELinux setup failed: %m");
                  goto finish;
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c

index 863c6283236fb5259fd2f2c698c81a7061f5f327..4377f1b91038c7c6acd3cd7bfa45e4fdcdba657e 100644 (file)
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) {
  
          umask(0022);
  
-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
          if (r < 0) {
                  log_error_errno(r, "SELinux setup failed: %m");
                  goto finish;
diff --git a/src/test/test-udev.c b/src/test/test-udev.c

index 9cc64f7c6805affbb2afc299029d97b53d22a44a..d01789fe08cb962b1375df61b5720a9f5a7c2a8c 100644 (file)
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
                  return EXIT_FAILURE;
  
          log_debug("version %s", VERSION);
-        mac_selinux_init("/dev");
+        mac_selinux_init();
  
          action = argv[1];
          if (action == NULL) {
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c

index 0febc36af875ea7525cac05f9ca0c7308e6da700..ffec609c69cb8963bc9e6f1bb00a59ba183943a9 100644 (file)
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -173,7 +173,7 @@ static int context_write_data_local_rtc(Context *c) {
                  }
          }
  
-        mac_selinux_init("/etc");
+        mac_selinux_init();
          return write_string_file_atomic_label("/etc/adjtime", w);
  }
  
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c

index 7b105a6bd402e7b4583e4197067e771d77fc93a3..f3487013cf3fd33d6aca927369c84450c68b063c 100644 (file)
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) {
  
          umask(0022);
  
-        mac_selinux_init(NULL);
+        mac_selinux_init();
  
          items = ordered_hashmap_new(&string_hash_ops);
          globs = ordered_hashmap_new(&string_hash_ops);
diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c

index 7bd2c1ea4237cbefc587fe9a4606a8dc1fc22bf6..a6a873e5de7627ef13b0695aa1010f01b5458ed1 100644 (file)
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
  
          log_parse_environment();
          log_open();
-        mac_selinux_init("/dev");
+        mac_selinux_init();
  
          while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0)
                  switch (c) {
diff --git a/src/udev/udevd.c b/src/udev/udevd.c

index bb92f16352eab0ba24fe81803ac45302ad2b3afb..243df7386fe1e78fdea6d6af9ff233ee4589c1c9 100644 (file)
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) {
  
          umask(022);
  
-        r = mac_selinux_init("/dev");
+        r = mac_selinux_init();
          if (r < 0) {
                  log_error_errno(r, "could not initialize labelling: %m");
                  goto exit;
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c

index 931e583785ad2f452af025a234f46963bb94c242..da306a44443a0db9460d66690c76dae727aaad29 100644 (file)
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) {
                  return EXIT_FAILURE;
          }
  
-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
          if (r < 0) {
                  log_error_errno(r, "SELinux setup failed: %m");
                  goto finish;
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c

index 8bf44e21009d180edee23fe389531bcfb4b6865a..9b29b5ba1d1d5c78d2fca286e5b511004aa7b170 100644 (file)
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@@ -40,7 +40,7 @@ int main(int argc, char*argv[]) {
  
          umask(0022);
  
-        mac_selinux_init(NULL);
+        mac_selinux_init();
  
          if (streq(argv[1], "start")) {
                  int r = 0;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 2 Mar 2016 01:35:55 +0000 (20:35 -0500)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 2 Mar 2016 01:39:30 +0000 (20:39 -0500)
src/basic/selinux-util.c		patch \| blob \| blame \| history
src/basic/selinux-util.h		patch \| blob \| blame \| history
src/core/main.c		patch \| blob \| blame \| history
src/hostname/hostnamed.c		patch \| blob \| blame \| history
src/locale/localed.c		patch \| blob \| blame \| history
src/login/logind.c		patch \| blob \| blame \| history
src/resolve/resolved.c		patch \| blob \| blame \| history
src/sysusers/sysusers.c		patch \| blob \| blame \| history
src/test/test-udev.c		patch \| blob \| blame \| history
src/timedate/timedated.c		patch \| blob \| blame \| history
src/tmpfiles/tmpfiles.c		patch \| blob \| blame \| history
src/udev/udevadm.c		patch \| blob \| blame \| history
src/udev/udevd.c		patch \| blob \| blame \| history
src/update-done/update-done.c		patch \| blob \| blame \| history
src/user-sessions/user-sessions.c		patch \| blob \| blame \| history