diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-03-11 13:21:09 +0900 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-03-11 10:59:13 +0100 |
| commit | 0a8321d33c34cd42f79e7dcbf6cfcbba305ac691 (patch) | |
| tree | a7ff4c24cddc274ae1617bdac3c64780de34da7e /src/import | |
| parent | 060d319870b78d950a47554fbe165f94bb6a971f (diff) | |
| download | systemd-0a8321d33c34cd42f79e7dcbf6cfcbba305ac691.tar.gz | |
import: do not try to set selinux related attributes if selinux is disabled
Closes #11940.
Diffstat (limited to 'src/import')
| -rw-r--r-- | src/import/import-common.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/import/import-common.c b/src/import/import-common.c index 89f03010d1..1f63ebb761 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -15,6 +15,7 @@ #include "import-common.h" #include "os-util.h" #include "process-util.h" +#include "selinux-util.h" #include "signal-util.h" #include "tmpfile-util.h" #include "util.h" @@ -62,6 +63,7 @@ int import_make_read_only(const char *path) { int import_fork_tar_x(const char *path, pid_t *ret) { _cleanup_close_pair_ int pipefd[2] = { -1, -1 }; + bool use_selinux; pid_t pid; int r; @@ -71,6 +73,8 @@ int import_fork_tar_x(const char *path, pid_t *ret) { if (pipe2(pipefd, O_CLOEXEC) < 0) return log_error_errno(errno, "Failed to create pipe for tar: %m"); + use_selinux = mac_selinux_use(); + r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); if (r < 0) return r; @@ -100,7 +104,8 @@ int import_fork_tar_x(const char *path, pid_t *ret) { if (r < 0) log_error_errno(r, "Failed to drop capabilities, ignoring: %m"); - execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", NULL); + execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", "--xattrs", "--xattrs-include=*", + use_selinux ? "--selinux" : "--no-selinux", NULL); log_error_errno(errno, "Failed to execute tar: %m"); _exit(EXIT_FAILURE); } @@ -112,6 +117,7 @@ int import_fork_tar_x(const char *path, pid_t *ret) { int import_fork_tar_c(const char *path, pid_t *ret) { _cleanup_close_pair_ int pipefd[2] = { -1, -1 }; + bool use_selinux; pid_t pid; int r; @@ -121,6 +127,8 @@ int import_fork_tar_c(const char *path, pid_t *ret) { if (pipe2(pipefd, O_CLOEXEC) < 0) return log_error_errno(errno, "Failed to create pipe for tar: %m"); + use_selinux = mac_selinux_use(); + r = safe_fork("(tar)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); if (r < 0) return r; @@ -144,7 +152,8 @@ int import_fork_tar_c(const char *path, pid_t *ret) { if (r < 0) log_error_errno(r, "Failed to drop capabilities, ignoring: %m"); - execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", ".", NULL); + execlp("tar", "tar", "-C", path, "-c", "--xattrs", "--xattrs-include=*", + use_selinux ? "--selinux" : "--no-selinux", ".", NULL); log_error_errno(errno, "Failed to execute tar: %m"); _exit(EXIT_FAILURE); } |