author | Guillem Jover <guillem@debian.org> | 2019-02-23 04:47:02 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2019-02-23 15:24:29 +0100 |
commit | be0504ce8b38a653c43a33ce6b4b70722e2e46a5 (patch) | |
tree | 6814dd4939876f32f39395bfcf672b03eb651573 | |
parent | 754511aaef556ebad03560e689eeb2044a7ee1fd (diff) | |
download | dpkg-be0504ce8b38a653c43a33ce6b4b70722e2e46a5.tar.gz |
dpkg: Move SELinux fallback label to the SELinux specific code path
The wrapper function should be generic, so leaking this SELinux specific
detail there is just wrong.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | src/script.c | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 36d296541..7cdd3bbe4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,8 @@ dpkg (1.19.5) UNRELEASED; urgency=medium
 * Documentation:
 - start-stop-daemon(1): Document behavior of --pidfile security checks.
 Closes: #921557
+ * Code internals:
+ - dpkg: Move SELinux fallback label to the SELinux specific code path.
 * Build system:
 - Check whether this dist is a release, based only on the version format.
 This will avoid having to do a two staged release to get a proper perl
diff --git a/src/script.c b/src/script.c
index 0865b953f..f02ca509e 100644
--- a/src/script.c
+++ b/src/script.c
@@ -158,12 +158,12 @@ maintscript_pre_exec(struct command *cmd)
 * one, use the given fallback.
 */
 static int
-maintscript_set_exec_context(struct command *cmd, const char *fallback)
+maintscript_set_exec_context(struct command *cmd)
 {
 int rc = 0;
 #ifdef WITH_LIBSELINUX
- rc = setexecfilecon(cmd->filename, fallback);
+ rc = setexecfilecon(cmd->filename, "dpkg_script_t");
 #endif
 return rc < 0 ? rc : 0;
@@ -199,7 +199,7 @@ maintscript_exec(struct pkginfo *pkg, struct pkgbin *pkgbin,
 cmd->filename = cmd->argv[0] = maintscript_pre_exec(cmd);
- if (maintscript_set_exec_context(cmd, "dpkg_script_t") < 0)
+ if (maintscript_set_exec_context(cmd) < 0)
 ohshite(_("cannot set security execution context for "
 "maintainer script")); |
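Review bot: The doc comment above maintscript_set_exec_context() still ends with "use the given fallback" (the unchanged context line ` * one, use the given fallback.` at the top of the first src/script.c hunk), but the function no longer takes a fallback argument. The comment starts outside the hunk, so only its last line is visible here. Because the label now lives only inside the `#ifdef WITH_LIBSELINUX` branch, the comment is the one place a reader learns which SELinux type maintainer scripts fall back to, so it should name it, e.g. ` * one, use the dpkg_script_t type as a fallback.`. A file-level named constant for the `"dpkg_script_t"` literal would also make the label easy to find when auditing the policy that has to define it.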