List: rpmorg-maint
Subject: [Rpm-maint] [PATCH 1/2] selinux: reopen label between transactions if necessary (RhBug: 746073)
From: akozumpl () redhat ! com (Ales Kozumplik)
Date: 2012-01-12 10:19:10
Message-ID: 4F0EB39E.4020104 () redhat ! com
On 01/12/2012 10:36 AM, Panu Matilainen wrote:
>>
>> /* if SELinux isn't enabled, init fails or test run, don't
>> bother... */
>> - if (!is_selinux_enabled() || (rpmtsFlags(ts)&
>> RPMTRANS_FLAG_TEST)) {
>> + if (!is_selinux_enabled() || (rpmtsFlags(ts)&
>> RPMTRANS_FLAG_TEST) ||
>> + (rpmtsFlags(ts)& RPMTRANS_FLAG_NOCONTEXTS) ||
>> + rpmtsSELabelInit(ts, 1, selinux_file_context_path())) {
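Review bot: the rpmtsSELabelInit() call on the last added line is a side-effecting init placed at the end of a short-circuit || chain of pure state checks, so a label-init failure lands in the same branch as "SELinux disabled", a test run, or RPMTRANS_FLAG_NOCONTEXTS and cannot be told apart from them. The chain does evaluate in the intended order (the init only runs when every earlier test is false), but that depends on the reader working through the short-circuiting. Consider keeping the condition to the is_selinux_enabled() and transaction-flag checks, then calling rpmtsSELabelInit(ts, 1, selinux_file_context_path()) as a separate statement and checking its return code, so that a failure to open the label handle can be logged as a failure rather than as a deliberate skip.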
>
> This logic here is backwards: it'll now only call rpmtsSELabelInit()
> when selinux is *disabled* (by transaction flags or system-wide state).
I think it is correct like this, when selinux is system-wide disabled
!is_selinux_enabled() is 1 so it short circuits the other tests
(including an attempt to call rpmtsSELabelInit), no?
> I'd leave the current disable logic (ie "should we even try to do
> selinux stuff?") as it is, and instead check for rpmtsSELabelInit()
> return code for failure.
I did it this way to avoid repeating this line twice, in two if branches:
rpmlog(RPMLOG_DEBUG, "Selinux disabled.\n");
now I see obfuscation ensued.
> and instead check for rpmtsSELabelInit() return code for failure.
Yep, I'll do that instead.
Ales