On Wed, Sep 26, 2018 at 8:12 AM Stephen Smalley wrote:
> The kernel only supports seclabel if it is >= 2.6.30 _and_
> SELinux is enabled, since seclabel is generated by SELinux
> based partly on policy (e.g. is the filesystem type configured in policy
> with a labeling behavior that supports userspace labeling). For some
> reason, when this logic was moved from setfiles to libselinux,
> the test of whether SELinux was enabled was dropped. Restore it.
>
> This is necessary to enable use of setfiles on non-SELinux hosts
> without requiring explicit use of the -m option.
>
> Fixes: 602347c7422e971a5674fe2767267a96e3b4f61c ("policycoreutils:
> setfiles - Modify to use selinux_restorecon")
> Reported-by: sajjad ahmed
> Signed-off-by: Stephen Smalley
> Cc: Richard Haines
> ---
> libselinux/src/selinux_restorecon.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libselinux/src/selinux_restorecon.c
> b/libselinux/src/selinux_restorecon.c
> index 41f22250..34a6408a 100644
> --- a/libselinux/src/selinux_restorecon.c
> +++ b/libselinux/src/selinux_restorecon.c
> @@ -241,6 +241,8 @@ static int exclude_non_seclabel_mounts(void)
> /* Check to see if the kernel supports seclabel */
> if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
> return 0;
> + if (is_selinux_enabled() <= 0)
> + return 0;
>
>
LGTM
> fp = fopen("/proc/mounts", "re");
> if (!fp)
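Review bot: the new `if (is_selinux_enabled() <= 0)` test in exclude_non_seclabel_mounts() has no comment of its own, so nothing in the code says why SELinux state matters here or that `<= 0` deliberately treats the negative error return of is_selinux_enabled() the same as "disabled". The commit message notes that this test was already dropped once when the logic moved from setfiles to libselinux. A short comment above the new lines, for example "seclabel is only generated when SELinux is enabled; treat an error as disabled", or an extension of the existing "Check to see if the kernel supports seclabel" comment to cover both conditions, would keep that reasoning next to the code.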
> --
> 2.14.4
>
> ___
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> selinux-requ...@tycho.nsa.gov.
>