selinux: remove security_context_t usage as it's deprecated

parent 42463040
...@@ -32,15 +32,11 @@ lxc_log_define(selinux, lsm); ...@@ -32,15 +32,11 @@ lxc_log_define(selinux, lsm);
*/ */
static char *selinux_process_label_get(pid_t pid) static char *selinux_process_label_get(pid_t pid)
{ {
security_context_t ctx;
char *label; char *label;
if (getpidcon_raw(pid, &ctx) < 0) { if (getpidcon_raw(pid, &label) < 0)
SYSERROR("failed to get SELinux context for pid %d", pid); return log_error_errno(NULL, errno, "failed to get SELinux context for pid %d", pid);
return NULL;
}
label = strdup((char *)ctx);
freecon(ctx);
return label; return label;
} }
...@@ -63,10 +59,8 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf, ...@@ -63,10 +59,8 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
const char *label; const char *label;
label = inlabel ? inlabel : conf->lsm_se_context; label = inlabel ? inlabel : conf->lsm_se_context;
if (!label) { if (!label)
label = DEFAULT_LABEL; label = DEFAULT_LABEL;
}
if (strcmp(label, "unconfined_t") == 0) if (strcmp(label, "unconfined_t") == 0)
return 0; return 0;
...@@ -75,11 +69,9 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf, ...@@ -75,11 +69,9 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
ret = setexeccon_raw((char *)label); ret = setexeccon_raw((char *)label);
else else
ret = setcon_raw((char *)label); ret = setcon_raw((char *)label);
if (ret < 0) { if (ret < 0)
SYSERROR("Failed to set SELinux%s context to \"%s\"", return log_error_errno(-1, errno, "Failed to set SELinux%s context to \"%s\"",
on_exec ? " exec" : "", label); on_exec ? " exec" : "", label);
return -1;
}
INFO("Changed SELinux%s context to \"%s\"", on_exec ? " exec" : "", label); INFO("Changed SELinux%s context to \"%s\"", on_exec ? " exec" : "", label);
return 0; return 0;
...@@ -98,16 +90,17 @@ static int selinux_keyring_label_set(char *label) ...@@ -98,16 +90,17 @@ static int selinux_keyring_label_set(char *label)
}; };
static struct lsm_drv selinux_drv = { static struct lsm_drv selinux_drv = {
.name = "SELinux", .name = "SELinux",
.enabled = is_selinux_enabled, .enabled = is_selinux_enabled,
.process_label_get = selinux_process_label_get, .process_label_get = selinux_process_label_get,
.process_label_set = selinux_process_label_set, .process_label_set = selinux_process_label_set,
.keyring_label_set = selinux_keyring_label_set, .keyring_label_set = selinux_keyring_label_set,
}; };
struct lsm_drv *lsm_selinux_drv_init(void) struct lsm_drv *lsm_selinux_drv_init(void)
{ {
if (!is_selinux_enabled()) if (!is_selinux_enabled())
return NULL; return NULL;
return &selinux_drv; return &selinux_drv;
} }
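Review bot: In the first hunk, selinux_process_label_get() now returns the buffer that getpidcon_raw() allocated instead of a strdup() copy, so the ownership contract has changed: the caller must release it with free() and that is only correct while libselinux's freecon() remains a plain free(), which it is today but which the code no longer makes explicit. I would document that at the return, e.g. `/* Caller owns the returned string and frees it with free(); no copy is made, relying on freecon() being plain free(). */`. The error path also relies on log_error_errno(NULL, ...) evaluating to NULL as the function's return value; that is presumably what the macro does, but it is defined outside this file and worth confirming. The third hunk makes the same error-macro assumption for the -1 return in selinux_process_label_set().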