This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=be0504ce8b38a653c43a33ce6b4b70722e2e46a5 commit be0504ce8b38a653c43a33ce6b4b70722e2e46a5 Author: Guillem Jover <[email protected]> AuthorDate: Sat Feb 23 04:47:02 2019 +0100 dpkg: Move SELinux fallback label to the SELinux specific code path The wrapper function should be generic, so leaking this SELinux specific detail there is just wrong. --- debian/changelog | 2 ++ src/script.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 36d296541..7cdd3bbe4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,8 @@ dpkg (1.19.5) UNRELEASED; urgency=medium * Documentation: - start-stop-daemon(1): Document behavior of --pidfile security checks. Closes: #921557 + * Code internals: + - dpkg: Move SELinux fallback label to the SELinux specific code path. * Build system: - Check whether this dist is a release, based only on the version format. This will avoid having to do a two staged release to get a proper perl diff --git a/src/script.c b/src/script.c index 0865b953f..f02ca509e 100644 --- a/src/script.c +++ b/src/script.c @@ -158,12 +158,12 @@ maintscript_pre_exec(struct command *cmd) * one, use the given fallback. */ static int -maintscript_set_exec_context(struct command *cmd, const char *fallback) +maintscript_set_exec_context(struct command *cmd) { int rc = 0; #ifdef WITH_LIBSELINUX - rc = setexecfilecon(cmd->filename, fallback); + rc = setexecfilecon(cmd->filename, "dpkg_script_t"); #endif return rc < 0 ? rc : 0; @@ -199,7 +199,7 @@ maintscript_exec(struct pkginfo *pkg, struct pkgbin *pkgbin, cmd->filename = cmd->argv[0] = maintscript_pre_exec(cmd); - if (maintscript_set_exec_context(cmd, "dpkg_script_t") < 0) + if (maintscript_set_exec_context(cmd) < 0) ohshite(_("cannot set security execution context for " "maintainer script")); -- Dpkg.Org's dpkg
