From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 17 Sep 2021 11:42:18 +0000 (+0100)
Subject: selinux: add mac_selinux_create_file_prepare_label helper
X-Git-Tag: v250-rc1~639^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6f7ccbcc747e7006eba250a38684d7f7bf52b334;p=thirdparty%2Fsystemd.git

selinux: add mac_selinux_create_file_prepare_label helper

Allow to use setfscreatecon with a custom label rather than the default
---

diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 34e78e6792a..ca92a65efc5 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -562,6 +562,21 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
 #endif
 }
 
+int mac_selinux_create_file_prepare_label(const char *path, const char *label) {
+#if HAVE_SELINUX
+
+        if (!label)
+                return 0;
+
+        if (!mac_selinux_use())
+                return 0;
+
+        if (setfscreatecon_raw(label) < 0)
+                return log_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
+#endif
+        return 0;
+}
+
 void mac_selinux_create_file_clear(void) {
 
 #if HAVE_SELINUX
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index 1095bdef0ee..4147a3ad506 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -43,6 +43,7 @@ char* mac_selinux_free(char *label);
 
 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
+int mac_selinux_create_file_prepare_label(const char *path, const char *label);
 void mac_selinux_create_file_clear(void);
 
 int mac_selinux_create_socket_prepare(const char *label);