From 9507e118e9069f595c5c79cd9404a1ab76204cf8 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 27 Aug 2025 01:31:36 +0900 Subject: [PATCH] pcrlock: use WRITE_STRING_FILE_LABEL Fixes #38727. --- src/pcrlock/pcrlock.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c index a04bb8c93c5..9d167ef9194 100644 --- a/src/pcrlock/pcrlock.c +++ b/src/pcrlock/pcrlock.c @@ -34,6 +34,7 @@ #include "hexdecoct.h" #include "initrd-util.h" #include "json-util.h" +#include "label-util.h" #include "list.h" #include "main-func.h" #include "mkdir-label.h" @@ -4414,7 +4415,7 @@ static int write_boot_policy_file(const char *json_text) { AT_FDCWD, boot_policy_file, &encoded, - WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755); + WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755|WRITE_STRING_FILE_LABEL); if (r < 0) return log_error_errno(r, "Failed to write boot policy file to '%s': %m", boot_policy_file); @@ -4831,7 +4832,7 @@ static int make_policy(bool force, RecoveryPinMode recovery_pin_mode) { return log_error_errno(r, "Failed to format new configuration to JSON: %m"); const char *path = arg_policy_path ?: (in_initrd() ? "/run/systemd/pcrlock.json" : "/var/lib/systemd/pcrlock.json"); - r = write_string_file(path, text, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755); + r = write_string_file(path, text, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755|WRITE_STRING_FILE_LABEL); if (r < 0) return log_error_errno(r, "Failed to write new configuration to '%s': %m", path); @@ -5428,6 +5429,10 @@ static int run(int argc, char *argv[]) { log_setup(); + r = mac_init(); + if (r < 0) + return r; + r = parse_argv(argc, argv); if (r <= 0) return r; -- 2.47.3