matchpathcon(3) is deprecated in favor of selabel_lookup(3).
---
lib/selinux.c | 36 ++++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/lib/selinux.c b/lib/selinux.c
index a2ea91c8..41f4371d 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -35,7 +35,7 @@
#include "defines.h"
#include <selinux/selinux.h>
-#include <selinux/context.h>
+#include <selinux/label.h>
#include "prototypes.h"
static bool selinux_checked = false;
@@ -53,8 +53,6 @@ static bool selinux_enabled;
*/
int set_selinux_file_context (const char *dst_name)
{
- /*@null@*/char *scontext = NULL;
-
if (!selinux_checked) {
selinux_enabled = is_selinux_enabled () > 0;
selinux_checked = true;
@@ -62,19 +60,33 @@ int set_selinux_file_context (const char *dst_name)
if (selinux_enabled) {
/* Get the default security context for this file */
- if (matchpathcon (dst_name, 0, &scontext) < 0) {
- if (security_getenforce () != 0) {
- return 1;
+
+ /*@null@*/char *fcontext_raw = NULL;
+ struct selabel_handle *hnd;
+ int r;
+
+ hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (hnd == NULL) {
+ return security_getenforce () != 0;
+ }
+
+ r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, 0);
+ selabel_close(hnd);
+ if (r < 0) {
+ /* No context specified for the searched path */
+ if (errno == ENOENT) {
+ return 0;
}
+
+ return security_getenforce () != 0;
}
+
/* Set the security context for the next created file */
- if (setfscreatecon (scontext) < 0) {
- if (security_getenforce () != 0) {
- freecon (scontext);
- return 1;
- }
+ r = setfscreatecon_raw (fcontext_raw);
+ freecon (fcontext_raw);
+ if (r < 0) {
+ return security_getenforce () != 0;
}
- freecon (scontext);
}
return 0;
}
--
2.31.0
