authorStephen Smalley <sds@tycho.nsa.gov>2014-04-25 14:57:55 -0400
committerStephen Smalley <sds@tycho.nsa.gov>2014-04-25 15:03:10 -0400
commit7907ac7c811670643c3606125657a39226507ea1 (patch)
treed8a736492daa9c273e45bcb5ca4465b7928ac6f3
parentfb109b894a5fc2891e49ec8e81c0dda171b45b7f (diff)
downloadextras-7907ac7c811670643c3606125657a39226507ea1.tar.gz
Label lost+found directories with SELinux security contexts.
When an asec image is generated, the lost+found directory has no security.selinux attribute set and thus shows up as unlabeled. We already handle this correctly when building images from existing directories with files, so we just need to do it here as well when generating an otherwise empty initial image. Change-Id: I6d449dcc67a5cbc2101718e34ea0e184936d7f0e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--ext4_utils/make_ext4fs.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/ext4_utils/make_ext4fs.c b/ext4_utils/make_ext4fs.c
index 0cb5bae9..b9a24b83 100644
--- a/ext4_utils/make_ext4fs.c
+++ b/ext4_utils/make_ext4fs.c
@@ -79,7 +79,8 @@ static int filter_dot(const struct dirent *d)
return (strcmp(d->d_name, "..") && strcmp(d->d_name, "."));
}
-static u32 build_default_directory_structure()
+static u32 build_default_directory_structure(const char *dir_path,
+ struct selabel_handle *sehnd)
{
u32 inode;
u32 root_inode;
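Review bot: The two parameters added to `build_default_directory_structure` carry contracts that are not written down. `dir_path` is pasted directly in front of `lost+found` by the `"%slost+found"` format later in the function, so it must already end in `/` for the lookup key to be a well-formed path, and `sehnd` may be NULL, which skips labeling entirely. I would add above the signature: `/* dir_path: mount point including trailing '/', used only to build the selabel lookup key; sehnd: may be NULL, in which case lost+found is left unlabeled. */`. The function body continues outside this hunk.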
@@ -97,6 +98,22 @@ static u32 build_default_directory_structure()
inode_set_permissions(inode, dentries.mode,
dentries.uid, dentries.gid, dentries.mtime);
+#ifndef USE_MINGW
+ if (sehnd) {
+ char *path = NULL;
+ char *secontext = NULL;
+
+ asprintf(&path, "%slost+found", dir_path);
+ if (selabel_lookup(sehnd, &secontext, path, S_IFDIR) < 0) {
+ error("cannot lookup security context for %s", path);
+ } else {
+ inode_set_selinux(inode, secontext);
+ freecon(secontext);
+ }
+ free(path);
+ }
+#endif
+
return root_inode;
}
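Review bot: The return value of `asprintf(&path, "%slost+found", dir_path)` is not checked, so on allocation failure `path` is passed to `selabel_lookup()` and to the `%s` in `error()` while its contents are not guaranteed. A guard such as `if (asprintf(&path, "%slost+found", dir_path) < 0) { error("asprintf failed"); return root_inode; }` keeps that path defined. Separately, if `error()` returns to the caller here (its definition is not visible in this hunk), a failed lookup leaves lost+found unlabeled in the finished image, which is the condition this commit sets out to remove. It would be worth confirming that this case fails the build rather than continuing.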
@@ -564,13 +581,13 @@ int make_ext4fs_internal(int fd, const char *_directory,
#ifdef USE_MINGW
// Windows needs only 'create an empty fs image' functionality
assert(!directory);
- root_inode_num = build_default_directory_structure();
+ root_inode_num = build_default_directory_structure(mountpoint, sehnd);
#else
if (directory)
root_inode_num = build_directory_structure(directory, mountpoint, 0,
fs_config_func, sehnd, verbose);
else
- root_inode_num = build_default_directory_structure();
+ root_inode_num = build_default_directory_structure(mountpoint, sehnd);
#endif
root_mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;