Btrfs: enforce .snapshots subvolume relabeling

author Ondrej Kozina <okozina@redhat.com>

Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)

committer Ondrej Kozina <okozina@redhat.com>

Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)
author Ondrej Kozina <okozina@redhat.com>
Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)
committer Ondrej Kozina <okozina@redhat.com>
Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)
diff --git a/snapper/Btrfs.cc b/snapper/Btrfs.cc

index 8414b723c9c108a95d1b28b83485b7ff0c62ab3d..7bb1d924df6049347994eda3a6990b0973df4922 100644 (file)
--- a/snapper/Btrfs.cc
+++ b/snapper/Btrfs.cc
@@ -58,6 +58,9 @@
  #ifdef ENABLE_ROLLBACK
  #include "snapper/MntTable.h"
  #endif
+#ifdef ENABLE_SELINUX
+#include "snapper/Selinux.h"
+#endif
  
  
  namespace snapper
@@ -133,6 +136,19 @@ namespace snapper
         }
  
         SFile x(subvolume_dir, ".snapshots");
+#ifdef ENABLE_SELINUX
+       try
+       {
+           SnapperContexts scontexts;
+
+           x.fsetfilecon(scontexts.subvolume_context());
+       }
+       catch (const SelinuxException& e)
+       {
+           SN_CAUGHT(e);
+           // fall through intentional
+       }
+#endif
         struct stat stat;
         if (x.stat(&stat, 0) == 0)
             x.chmod(stat.st_mode & ~0027, 0);
author	Ondrej Kozina <okozina@redhat.com>
	Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)
committer	Ondrej Kozina <okozina@redhat.com>
	Mon, 11 Apr 2016 15:17:55 +0000 (17:17 +0200)