morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 08:56:15 +09:00
Code Issues Packages Projects Releases Wiki Activity

execute: respect selinux_context_ignore

Browse Source 
When `SELinuxContext=` parameter is prefixed with `-`, the documentation states
that any errors determining or changing context should be ignored, but this
doesn't actually happen and the service may fail with `229/SELINUX_CONTEXT`.

Fix by adding checks to `context->selinux_context_ignore`.

Closes: #21057
This commit is contained in:
Topi Miettinen
2021-10-30 19:58:41 +03:00
committed by Yu Watanabe
parent 6b64d74091
commit 2ad2925de5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/execute.c
View File

@@ -4566,7 +4566,7 @@ static int exec_child(
if (fd >= 0) {
r = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context, &mac_selinux_context_net);
if (r < 0) {
if (r < 0 && !context->selinux_context_ignore) {
*exit_status = EXIT_SELINUX_CONTEXT;
return log_unit_error_errno(unit, r, "Failed to determine SELinux context: %m");
}
@@ -4700,7 +4700,7 @@ static int exec_child(
if (exec_context) {
r = setexeccon(exec_context);
if (r < 0) {
if (r < 0 && !context->selinux_context_ignore) {
*exit_status = EXIT_SELINUX_CONTEXT;
return log_unit_error_errno(unit, r, "Failed to change SELinux context to %s: %m", exec_context);
}