Since commit 65c8fd45 ("libselinux: fail selabel_open(3) on invalid
option") selabel_open(3) rejects options not supported for the
respective backend. Pass SELABEL_OPT_BASEONLY only if the file backend
is selected.
Reported-by: zgzxx (https://github.com/SELinuxProject/selinux/issues/427)
Fixes: 65c8fd45 ("libselinux: fail selabel_open(3) on invalid option")
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libselinux/utils/selabel_digest.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 64051070..47aad21f 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -71,8 +71,8 @@ int main(int argc, char **argv)
struct selabel_handle *hnd;
struct selinux_opt selabel_option[] = {
{ SELABEL_OPT_PATH, file },
- { SELABEL_OPT_BASEONLY, baseonly },
- { SELABEL_OPT_DIGEST, digest }
+ { SELABEL_OPT_DIGEST, digest },
+ { SELABEL_OPT_BASEONLY, baseonly }
};
if (argc < 3)
@@ -119,10 +119,10 @@ int main(int argc, char **argv)
memset(cmd_buf, 0, sizeof(cmd_buf));
selabel_option[0].value = file;
- selabel_option[1].value = baseonly;
- selabel_option[2].value = digest;
+ selabel_option[1].value = digest;
+ selabel_option[2].value = baseonly;
- hnd = selabel_open(backend, selabel_option, 3);
+ hnd = selabel_open(backend, selabel_option, backend == SELABEL_CTX_FILE ? 3 : 2);
if (!hnd) {
switch (errno) {
case EOVERFLOW:
--
2.43.0
