dpkg: Move SELinux fallback label to the SELinux specific code path

The wrapper function should be generic, so leaking this SELinux specific
detail there is just wrong.

2 files changed, 5 insertions, 3 deletions

diff --git a/debian/changelog b/debian/changelog
index 36d296541..7cdd3bbe4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,8 @@ dpkg (1.19.5) UNRELEASED; urgency=medium
   * Documentation:
     - start-stop-daemon(1): Document behavior of --pidfile security checks.
       Closes: #921557
+  * Code internals:
+    - dpkg: Move SELinux fallback label to the SELinux specific code path.
   * Build system:
     - Check whether this dist is a release, based only on the version format.
       This will avoid having to do a two staged release to get a proper perl
diff --git a/src/script.c b/src/script.c
index 0865b953f..f02ca509e 100644
--- a/src/script.c
+++ b/src/script.c
@@ -158,12 +158,12 @@ maintscript_pre_exec(struct command *cmd)
  * one, use the given fallback.
  */
 static int
-maintscript_set_exec_context(struct command *cmd, const char *fallback)
+maintscript_set_exec_context(struct command *cmd)
 {
 	int rc = 0;
 
 #ifdef WITH_LIBSELINUX
-	rc = setexecfilecon(cmd->filename, fallback);
+	rc = setexecfilecon(cmd->filename, "dpkg_script_t");
 #endif
 
 	return rc < 0 ? rc : 0;
@@ -199,7 +199,7 @@ maintscript_exec(struct pkginfo *pkg, struct pkgbin *pkgbin,
 
 		cmd->filename = cmd->argv[0] = maintscript_pre_exec(cmd);
 
-		if (maintscript_set_exec_context(cmd, "dpkg_script_t") < 0)
+		if (maintscript_set_exec_context(cmd) < 0)
 			ohshite(_("cannot set security execution context for "
 			          "maintainer script"));