In permissive, if a bad label is written to a file_context file, restorecon will not verify the label before succesfully applying the context. These patches fix validation of labels during restorecon while not breaking current behavior of lazy validation.
Changes since V1: - Continue using lazy validation for restorecon that was broken in V1 of the patch. - Add line number tracking for error messages in restorecon. Changes since V2: - Fix compiler error caused by unused variable in selabel_validate() Yuli Khodorkovskiy (2): libselinux: verify file_contexts when using restorecon libselinux: echo line number of bad label in selabel_fini() libselinux/src/label.c | 7 +++---- libselinux/src/label_backends_android.c | 2 +- libselinux/src/label_file.c | 2 +- libselinux/src/label_file.h | 3 ++- libselinux/src/label_internal.h | 7 +++---- libselinux/src/matchpathcon.c | 5 ++--- 6 files changed, 12 insertions(+), 14 deletions(-) -- 2.14.3
