
dpkg-statoverride: Set the SE Linux context on --update

When we update the file, we should apply the SE Linux context in the
same way we are doing while unpacking binary packages.

Closes: #690361
Guillem Jover 9 years ago
parent
commit
19966da895
3 changed files with 10 additions and 0 deletions
  1. 1 0
      debian/changelog
  2. 5 0
      src/Makefile.am
  3. 4 0
      src/statcmd.c

+ 1 - 0
debian/changelog

@@ -77,6 +77,7 @@ dpkg (1.18.0) UNRELEASED; urgency=low
     Based on a patch by Johannes Schauer <j.schauer@email.de>.
   * Add ‘.mailmap’ to the default dpkg-source ignore lists.
   * Remove old trigger related Breaks and Conflicts from dpkg.
+  * Set the SE Linux context on «dpkg-statoverride --update». Closes: #690361
 
   [ Raphaël Hertzog ]
   * Drop myself from Uploaders.

+ 5 - 0
src/Makefile.am

@@ -78,9 +78,14 @@ dpkg_query_SOURCES = \
 dpkg_statoverride_SOURCES = \
 	filesdb.c \
 	infodb-format.c \
+	selinux.c \
 	statdb.c \
 	statcmd.c
 
+dpkg_statoverride_LDADD = \
+	$(LDADD) \
+	$(SELINUX_LIBS)
+
 dpkg_trigger_SOURCES = \
 	trigcmd.c
 

+ 4 - 0
src/statcmd.c

@@ -167,6 +167,10 @@ statdb_node_apply(const char *filename, struct file_stat *filestat)
 		ohshite(_("error setting ownership of `%.255s'"), filename);
 	if (chmod(filename, filestat->mode))
 		ohshite(_("error setting permissions of `%.255s'"), filename);
+
+	dpkg_selabel_load();
+	dpkg_selabel_set_context(filename, filename, filestat->mode);
+	dpkg_selabel_close();
 }
 
 static void
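Review bot: The `filestat->mode` passed to `dpkg_selabel_set_context()` in the added lines is the same value given to `chmod()` just above, so it may hold only permission bits and no file type. If the label lookup behind that helper matches on file type (not visible in this hunk), a mode without the `S_IFMT` bits could select a different context than the one applied at unpack time, which is the behaviour the commit message wants to mirror. Confirm what the helper expects and, if it needs the type, combine it in from an `lstat()` of `filename`, for example `filestat->mode | (st.st_mode & S_IFMT)`. Nothing in the hunk shows whether a failed relabel is reported, so a short comment such as `/* Relabel last, so the override gets the same context as an unpacked file; failures are handled in dpkg_selabel_set_context(). */` would record the ordering and the error policy once verified. The body of `statdb_node_apply()` starts above the hunk, so the earlier part of the function was not reviewed.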