selinux: use *_raw API from libselinux

author Evgeny Vereshchagin <evvers@ya.ru>

Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)

committer Evgeny Vereshchagin <evvers@ya.ru>

Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)
author Evgeny Vereshchagin <evvers@ya.ru>
Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)
committer Evgeny Vereshchagin <evvers@ya.ru>
Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c

index 5e6181f6623f5c48b747cd00683126a0ebbfb90c..10c2f39369212d80d969f2da37345269adb4d4f9 100644 (file)
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -152,7 +152,7 @@ int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
                          return 0;
  
                  if (r >= 0) {
-                        r = lsetfilecon(path, fcon);
+                        r = lsetfilecon_raw(path, fcon);
  
                          /* If the FS doesn't support labels, then exit without warning */
                          if (r < 0 && errno == EOPNOTSUPP)
@@ -262,7 +262,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
          if (r < 0)
                  return -errno;
  
-        r = getpeercon(socket_fd, &peercon);
+        r = getpeercon_raw(socket_fd, &peercon);
          if (r < 0)
                  return -errno;
  
@@ -371,7 +371,7 @@ void mac_selinux_create_file_clear(void) {
          if (!mac_selinux_use())
                  return;
  
-        setfscreatecon(NULL);
+        setfscreatecon_raw(NULL);
  #endif
  }
  
@@ -402,7 +402,7 @@ void mac_selinux_create_socket_clear(void) {
          if (!mac_selinux_use())
                  return;
  
-        setsockcreatecon(NULL);
+        setsockcreatecon_raw(NULL);
  #endif
  }
  
@@ -461,7 +461,7 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
                          return -errno;
  
          } else {
-                if (setfscreatecon(fcon) < 0) {
+                if (setfscreatecon_raw(fcon) < 0) {
                          log_enforcing("Failed to set SELinux security context %s for %s: %m", fcon, path);
                          if (security_getenforce() > 0)
                                  return -errno;
@@ -472,7 +472,7 @@ int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
          r = bind(fd, addr, addrlen) < 0 ? -errno : 0;
  
          if (context_changed)
-                setfscreatecon(NULL);
+                setfscreatecon_raw(NULL);
  
          return r;
  
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c

index 9a115a4387ec429bce5398d59d743f4671d827bd..4072df58e637b9d8b952daaed75ef8c653c1b433 100644 (file)
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -88,7 +88,7 @@ int mac_selinux_setup(bool *loaded_policy) {
                          log_open();
                          log_error("Failed to compute init label, ignoring.");
                  } else {
-                        r = setcon(label);
+                        r = setcon_raw(label);
  
                          log_open();
                          if (r < 0)
author	Evgeny Vereshchagin <evvers@ya.ru>
	Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)
committer	Evgeny Vereshchagin <evvers@ya.ru>
	Fri, 4 Mar 2016 01:58:28 +0000 (01:58 +0000)
src/basic/selinux-util.c		patch \| blob \| blame \| history
src/core/selinux-setup.c		patch \| blob \| blame \| history