Attached you can find the diff.
commit 15d82dfe4f7900be54e06b6ca0a79321ee2a9b34
Author: Christian Brauner <christian.brau...@ubuntu.com>
Date:   Sat Jul 25 11:36:46 2020 +0200

    selinux: remove security_context_t usage as it's deprecated
    
    Link: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705
    Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>

diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index dba0ab584..e28731e8f 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -32,15 +32,11 @@ lxc_log_define(selinux, lsm);
  */
 static char *selinux_process_label_get(pid_t pid)
 {
-	security_context_t ctx;
 	char *label;
 
-	if (getpidcon_raw(pid, &ctx) < 0) {
-		SYSERROR("failed to get SELinux context for pid %d", pid);
-		return NULL;
-	}
-	label = strdup((char *)ctx);
-	freecon(ctx);
+	if (getpidcon_raw(pid, &label) < 0)
+		return log_error_errno(NULL, errno, "failed to get SELinux context for pid %d", pid);
+
 	return label;
 }
 
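Review bot: selinux_process_label_get() now returns the buffer that getpidcon_raw() allocated rather than a strdup() copy, and nothing in the hunk records this change of ownership. libselinux documents freecon() as the release function for contexts it returns, while callers of process_label_get presumably still call free() on the result; that only matches as long as freecon() is a thin wrapper around free(), so it is worth confirming against the callers, which are not visible here. I would state the contract in the function's header comment, which begins above the hunk, for example `Returns the raw context string allocated by libselinux, or NULL on error; the caller owns it and must release it (freecon(), currently equivalent to free()).` Initialising the local as `char *label = NULL;` would also keep the function from returning an indeterminate pointer if the error path is ever restructured.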
@@ -63,10 +59,8 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
 	const char *label;
 
 	label = inlabel ? inlabel : conf->lsm_se_context;
-	if (!label) {
-
+	if (!label)
 		label = DEFAULT_LABEL;
-	}
 
 	if (strcmp(label, "unconfined_t") == 0)
 		return 0;
@@ -75,11 +69,9 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
 		ret = setexeccon_raw((char *)label);
 	else
 		ret = setcon_raw((char *)label);
-	if (ret < 0) {
-		SYSERROR("Failed to set SELinux%s context to \"%s\"",
-			 on_exec ? " exec" : "", label);
-		return -1;
-	}
+	if (ret < 0)
+		return log_error_errno(-1, errno, "Failed to set SELinux%s context to \"%s\"",
+				       on_exec ? " exec" : "", label);
 
 	INFO("Changed SELinux%s context to \"%s\"", on_exec ? " exec" : "", label);
 	return 0;
@@ -98,16 +90,17 @@ static int selinux_keyring_label_set(char *label)
 };
 
 static struct lsm_drv selinux_drv = {
-	.name = "SELinux",
-	.enabled           = is_selinux_enabled,
-	.process_label_get = selinux_process_label_get,
-	.process_label_set = selinux_process_label_set,
-	.keyring_label_set = selinux_keyring_label_set,
+	.name			= "SELinux",
+	.enabled		= is_selinux_enabled,
+	.process_label_get	= selinux_process_label_get,
+	.process_label_set	= selinux_process_label_set,
+	.keyring_label_set	= selinux_keyring_label_set,
 };
 
 struct lsm_drv *lsm_selinux_drv_init(void)
 {
 	if (!is_selinux_enabled())
 		return NULL;
+
 	return &selinux_drv;
 }
