diff options
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | src/script.c | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 36d296541..7cdd3bbe4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,8 @@ dpkg (1.19.5) UNRELEASED; urgency=medium * Documentation: - start-stop-daemon(1): Document behavior of --pidfile security checks. Closes: #921557 + * Code internals: + - dpkg: Move SELinux fallback label to the SELinux specific code path. * Build system: - Check whether this dist is a release, based only on the version format. This will avoid having to do a two staged release to get a proper perl diff --git a/src/script.c b/src/script.c index 0865b953f..f02ca509e 100644 --- a/src/script.c +++ b/src/script.c @@ -158,12 +158,12 @@ maintscript_pre_exec(struct command *cmd) * one, use the given fallback. */ static int -maintscript_set_exec_context(struct command *cmd, const char *fallback) +maintscript_set_exec_context(struct command *cmd) { int rc = 0; #ifdef WITH_LIBSELINUX - rc = setexecfilecon(cmd->filename, fallback); + rc = setexecfilecon(cmd->filename, "dpkg_script_t"); #endif return rc < 0 ? rc : 0; @@ -199,7 +199,7 @@ maintscript_exec(struct pkginfo *pkg, struct pkgbin *pkgbin, cmd->filename = cmd->argv[0] = maintscript_pre_exec(cmd); - if (maintscript_set_exec_context(cmd, "dpkg_script_t") < 0) + if (maintscript_set_exec_context(cmd) < 0) ohshite(_("cannot set security execution context for " "maintainer script")); |