RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libsemanage: genhomedircon: only set MLS level if MLS is enabled 

When a non-MLS policy was used with genhomedircon context_from_record()
in sepol would report an error because an MLS level was present when MLS
is disabled.  Based on a patch by Gary Tierney, amended to use
sepol_policydb_mls_enabled rather than semanage_mls_enabled because
we are testing the temporary working policy, not the active policy.

Reported-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2016-10-14 13:36:37 -04:00
parent 1a27b5add9
commit 4cf9b9ce2d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libsemanage/src/genhomedircon.c
View File

@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
goto fail; goto fail;
} }
if (sepol_context_set_user(sepolh, context, user->sename) < 0 || if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
goto fail;
}
if (sepol_policydb_mls_enabled(s->policydb) &&
sepol_context_set_mls(sepolh, context, user->level) < 0) { sepol_context_set_mls(sepolh, context, user->level) < 0) {
goto fail; goto fail;
} }