From: Axel Rasmussen Date: Mon, 3 Aug 2020 16:19:49 +0000 (-0700) Subject: selinux: improve comment about getcon_raw semantics X-Git-Tag: v247-rc1~450 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a119185c02d079ee1895033498fa2e073160fcac;p=thirdparty%2Fsystemd.git selinux: improve comment about getcon_raw semantics This code was changed in this pull request: https://github.com/systemd/systemd/pull/16571 After some discussion and more investigation, we better understand what's going on. So, update the comment, so things are more clear to future readers. --- diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c index 817069b3fe6..40da8dd0e5c 100644 --- a/src/core/selinux-setup.c +++ b/src/core/selinux-setup.c @@ -50,7 +50,10 @@ int mac_selinux_setup(bool *loaded_policy) { /* Already initialized by somebody else? */ r = getcon_raw(&con); - /* getcon_raw can return 0, and still give us a NULL pointer. */ + /* getcon_raw can return 0, and still give us a NULL pointer if + * /proc/self/attr/current is empty. SELinux guarantees this won't + * happen, but that file isn't specific to SELinux, and may be provided + * by some other arbitrary LSM with different semantics. */ if (r == 0 && con) { initialized = !streq(con, "kernel"); freecon(con);
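Review bot: The rewritten comment above `if (r == 0 && con)` explains why `con` can be NULL after a successful `getcon_raw()`, but it does not say what the code then does. From the visible lines, a NULL `con` skips the branch and `initialized` keeps whatever value it had before this block; a closing sentence in the comment stating that outcome would make the intent explicit to the future readers the commit message has in mind. The same reasoning leaves a second case open: if `/proc/self/attr/current` is provided by another LSM and is not empty, that label still reaches `initialized = !streq(con, "kernel");`, so any string other than "kernel" is treated as already initialized. Please note in the comment whether that is intended, or whether this path should first confirm that SELinux is the LSM behind the file.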