Snapper needs a way how to set a proper selinux context on btrfs subvolumes originating in snapshot create command. Fs can't handle it on its own so snapper will enforce .snapshots subvolume relabeling according to a file returned by selinux_snapperd_contexts_path(). The format of the file will be similar to other contexts file: snapperd_data = system_u:object_r:snapperd_data_t:s0 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1247530 https://bugzilla.redhat.com/show_bug.cgi?id=1247532 Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- libselinux/include/selinux/selinux.h | 1 + libselinux/src/file_path_suffixes.h | 1 + libselinux/src/selinux_config.c | 10 +++++++++- libselinux/src/selinux_internal.h | 1 + 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 2262086..3d8673f 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -544,6 +544,7 @@ extern const char *selinux_lxc_contexts_path(void); extern const char *selinux_x_context_path(void); extern const char *selinux_sepgsql_context_path(void); extern const char *selinux_openssh_contexts_path(void); +extern const char *selinux_snapperd_contexts_path(void); extern const char *selinux_systemd_contexts_path(void); extern const char *selinux_contexts_path(void); extern const char *selinux_securetty_types_path(void); diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h index d1f9b48..95b228b 100644 --- a/libselinux/src/file_path_suffixes.h +++ b/libselinux/src/file_path_suffixes.h @@ -24,6 +24,7 @@ S_(BINPOLICY, "/policy/policy") S_(VIRTUAL_IMAGE, "/contexts/virtual_image_context") S_(LXC_CONTEXTS, "/contexts/lxc_contexts") S_(OPENSSH_CONTEXTS, "/contexts/openssh_contexts") + S_(SNAPPERD_CONTEXTS, "/contexts/snapperd_contexts") S_(SYSTEMD_CONTEXTS, "/contexts/systemd_contexts") S_(FILE_CONTEXT_SUBS, "/contexts/files/file_contexts.subs") S_(FILE_CONTEXT_SUBS_DIST, "/contexts/files/file_contexts.subs_dist") diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index bec5f3b..c519a77 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -50,7 +50,8 @@ #define BOOLEAN_SUBS 27 #define OPENSSH_CONTEXTS 28 #define SYSTEMD_CONTEXTS 29 -#define NEL 30 +#define SNAPPERD_CONTEXTS 30 +#define NEL 31 /* Part of one-time lazy init */ static pthread_once_t once = PTHREAD_ONCE_INIT; @@ -499,6 +500,13 @@ const char *selinux_openssh_contexts_path(void) hidden_def(selinux_openssh_contexts_path) +const char *selinux_snapperd_contexts_path(void) +{ + return get_path(SNAPPERD_CONTEXTS); +} + +hidden_def(selinux_snapperd_contexts_path) + const char *selinux_systemd_contexts_path(void) { return get_path(SYSTEMD_CONTEXTS); diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 46566f6..9b9145c 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -84,6 +84,7 @@ hidden_proto(selinux_mkload_policy) hidden_proto(selinux_x_context_path) hidden_proto(selinux_sepgsql_context_path) hidden_proto(selinux_openssh_contexts_path) + hidden_proto(selinux_snapperd_contexts_path) hidden_proto(selinux_systemd_contexts_path) hidden_proto(selinux_path) hidden_proto(selinux_check_passwd_access) -- 2.7.4 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
