diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2013-04-05 10:49:24 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2013-04-05 10:54:24 +0300 |
commit | 9c082fb8689efdaa5a595d3043e67ccec4ed930c (patch) | |
tree | 892a6007a8bc334600a1122034edfcdff3780c03 | |
parent | 6fd18f15b3a05eed456d41058f77a928071c8a97 (diff) | |
download | rpm-9c082fb8689efdaa5a595d3043e67ccec4ed930c.tar.gz |
Permit scriptlet exec context setting to fail in non-enforcing modes
- This is what rpm_execcon() in libselinux always did, and trying to
be more strict causes things to blow up on install to an empty
chroot where /proc and /sys/fs/selinux are not mounted.
-rw-r--r-- | plugins/selinux.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/selinux.c b/plugins/selinux.c index 0a3ef6f13..736514b60 100644 --- a/plugins/selinux.c +++ b/plugins/selinux.c @@ -133,6 +133,10 @@ exit: freecon(fcon); freecon(mycon); + /* If selinux is not enforcing, we don't care either */ + if (rc && security_getenforce() < 1) + rc = RPMRC_OK; + return rc; } |