Separate out the calling of local subs and dist subs in selabel_sub
We want to allow users to set up their substitutions to run first and then run the distro subs second. This fixes the problem where a user defines a sub like /usr/local/foobar and we ignore it. We need this for software collections, which set up local subs of /opt/src/foobar/root /
parent
51d9a078c2
commit
fd56c5230c
@ -58,7 +58,7 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
|
||||
struct selabel_sub *selabel_subs_init(const char *path, struct selabel_sub *list)
|
||||
{
|
||||
char buf[1024];
|
||||
FILE *cfg = fopen(path, "r");
|
||||
@ -171,6 +171,7 @@ struct selabel_handle *selabel_open(unsigned int backend,
|
||||
rec->validating = selabel_is_validate_set(opts, nopts);
|
||||
|
||||
rec->subs = NULL;
|
||||
rec->dist_subs = NULL;
|
||||
|
||||
if ((*initfuncs[backend])(rec, opts, nopts)) {
|
||||
free(rec);
|
||||
@ -186,13 +187,24 @@ selabel_lookup_common(struct selabel_handle *rec, int translating,
|
||||
const char *key, int type)
|
||||
{
|
||||
struct selabel_lookup_rec *lr;
|
||||
char *ptr = NULL;
|
||||
char *dptr = NULL;
|
||||
|
||||
if (key == NULL) {
|
||||
errno = EINVAL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char *ptr = selabel_sub(rec->subs, key);
|
||||
ptr = selabel_sub(rec->subs, key);
|
||||
if (ptr) {
|
||||
dptr = selabel_sub(rec->dist_subs, ptr);
|
||||
if (dptr) {
|
||||
free(ptr);
|
||||
ptr = dptr;
|
||||
}
|
||||
} else {
|
||||
ptr = selabel_sub(rec->dist_subs, key);
|
||||
}
|
||||
if (ptr) {
|
||||
lr = rec->func_lookup(rec, ptr, type);
|
||||
free(ptr);
|
||||
@ -241,6 +253,7 @@ int selabel_lookup_raw(struct selabel_handle *rec, security_context_t *con,
|
||||
void selabel_close(struct selabel_handle *rec)
|
||||
{
|
||||
selabel_subs_fini(rec->subs);
|
||||
selabel_subs_fini(rec->dist_subs);
|
||||
rec->func_close(rec);
|
||||
free(rec->spec_file);
|
||||
free(rec);
|
||||
|
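Review bot: In selabel_lookup_common a NULL from `selabel_sub(rec->dist_subs, ptr)` is taken to mean "no distribution match", and the lookup then continues with the locally substituted path alone. Only the final `return NULL` of selabel_sub is visible here, so this is hedged: if that helper also returns NULL when it cannot allocate the rewritten path, an allocation failure would make the lookup resolve a different path, and so possibly a different context, than the configured substitutions intend. It would be safer for selabel_sub to report failure separately from no-match, and for the lookup to fail in that case. The chaining also deserves a comment above the first call, for example `/* Local subs are applied first; the result (or the original key) is then run through dist_subs. */`. The function body continues past the end of this hunk.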
@ -496,12 +496,12 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
|
||||
|
||||
/* Process local and distribution substitution files */
|
||||
if (!path) {
|
||||
rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
|
||||
rec->dist_subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->dist_subs);
|
||||
rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
|
||||
path = selinux_file_context_path();
|
||||
} else {
|
||||
snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path);
|
||||
rec->subs = selabel_subs_init(subs_file, rec->subs);
|
||||
rec->dist_subs = selabel_subs_init(subs_file, rec->dist_subs);
|
||||
snprintf(subs_file, sizeof(subs_file), "%s.subs", path);
|
||||
rec->subs = selabel_subs_init(subs_file, rec->subs);
|
||||
}
|
||||
|
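Review bot: The two `snprintf(subs_file, sizeof(subs_file), ...)` calls in the `else` branch ignore their return value, and the new `rec->dist_subs = selabel_subs_init(subs_file, rec->dist_subs);` now depends on the first of them. The declaration of `subs_file` and the origin of `path` are outside the hunk, so this is inferred: an over-long `path` would be truncated silently, and a differently named file would be opened as the substitution list. Capturing the result with `int n = snprintf(subs_file, sizeof(subs_file), "%s.subs_dist", path);` and treating `if (n < 0 || (size_t)n >= sizeof(subs_file))` as an error would close that gap, and the same applies to the `.subs` call. The body of init starts and ends outside this hunk.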
@ -68,6 +68,7 @@ struct selabel_handle {
|
||||
char *spec_file;
|
||||
|
||||
/* substitution support */
|
||||
struct selabel_sub *dist_subs;
|
||||
struct selabel_sub *subs;
|
||||
};
|
||||
|
||||
|