Skip to content

Commit

Permalink
selinux: use raw variants of security_compute_create and setfscreatecon
Browse files Browse the repository at this point in the history
As suggested by Evgeny Vereshchagin as a follow up for
systemd#2781 (comment).
  • Loading branch information
keszybz committed Mar 2, 2016
1 parent c3dacc8 commit 5c5433a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/basic/selinux-util.c
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
return -errno;

sclass = string_to_security_class("process");
r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
Expand Down Expand Up @@ -296,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
return -ENOMEM;

sclass = string_to_security_class("process");
r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
if (r < 0)
return -errno;
#endif
Expand Down Expand Up @@ -350,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {

log_enforcing("Failed to determine SELinux security context for %s: %m", path);
} else {
if (setfscreatecon(filecon) >= 0)
if (setfscreatecon_raw(filecon) >= 0)
return 0; /* Success! */

log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path);
Expand Down

0 comments on commit 5c5433a

Please sign in to comment.