mkdir: provide all functions with and without selinux label application
parent
d2e54fae5c
commit
c66e7f0499
|
@ -263,15 +263,14 @@ void label_free(const char *label) {
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int label_mkdir(const char *path, mode_t mode) {
|
int label_mkdir(const char *path, mode_t mode, bool apply) {
|
||||||
|
|
||||||
/* Creates a directory and labels it according to the SELinux policy */
|
/* Creates a directory and labels it according to the SELinux policy */
|
||||||
|
|
||||||
#ifdef HAVE_SELINUX
|
#ifdef HAVE_SELINUX
|
||||||
int r;
|
int r;
|
||||||
security_context_t fcon = NULL;
|
security_context_t fcon = NULL;
|
||||||
|
|
||||||
if (!use_selinux() || !label_hnd)
|
if (!apply || !use_selinux() || !label_hnd)
|
||||||
goto skipped;
|
goto skipped;
|
||||||
|
|
||||||
if (path_is_absolute(path))
|
if (path_is_absolute(path))
|
||||||
|
|
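Review bot: The comment kept above the body of label_mkdir, "Creates a directory and labels it according to the SELinux policy", is no longer accurate once `apply` exists, because `if (!apply || !use_selinux() || !label_hnd) goto skipped;` now bypasses labelling at the caller's request. I would reword it to `/* Creates a directory; if apply is true and SELinux is in use, labels it according to the SELinux policy */` so that a reader does not assume every directory made through this function carries a policy-derived context. A bare `true`/`false` at call sites is also easy to misread, so the meaning of the parameter deserves that one line of documentation. The `skipped` label and the rest of the body lie outside this hunk.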
|
@ -41,7 +41,7 @@ void label_free(const char *label);
|
||||||
|
|
||||||
int label_get_create_label_from_exe(const char *exe, char **label);
|
int label_get_create_label_from_exe(const char *exe, char **label);
|
||||||
|
|
||||||
int label_mkdir(const char *path, mode_t mode);
|
int label_mkdir(const char *path, mode_t mode, bool apply);
|
||||||
|
|
||||||
void label_retest_selinux(void);
|
void label_retest_selinux(void);
|
||||||
|
|
||||||
|
|
|
@ -32,13 +32,13 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
int mkdir_label(const char *path, mode_t mode) {
|
int mkdir_label(const char *path, mode_t mode) {
|
||||||
return label_mkdir(path, mode);
|
return label_mkdir(path, mode, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
|
static int makedir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool apply) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|
||||||
if (label_mkdir(path, mode) >= 0)
|
if (label_mkdir(path, mode, apply) >= 0)
|
||||||
if (chmod_and_chown(path, mode, uid, gid) < 0)
|
if (chmod_and_chown(path, mode, uid, gid) < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
|
@ -56,7 +56,15 @@ int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mkdir_parents_label(const char *path, mode_t mode) {
|
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
|
||||||
|
return makedir_safe(path, mode, uid, gid, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
|
||||||
|
return makedir_safe(path, mode, uid, gid, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int makedir_parents(const char *path, mode_t mode, bool apply) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
const char *p, *e;
|
const char *p, *e;
|
||||||
|
|
||||||
|
@ -92,7 +100,7 @@ int mkdir_parents_label(const char *path, mode_t mode) {
|
||||||
if (!t)
|
if (!t)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
r = label_mkdir(t, mode);
|
r = label_mkdir(t, mode, apply);
|
||||||
free(t);
|
free(t);
|
||||||
|
|
||||||
if (r < 0 && errno != EEXIST)
|
if (r < 0 && errno != EEXIST)
|
||||||
|
@ -100,16 +108,33 @@ int mkdir_parents_label(const char *path, mode_t mode) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
int mkdir_p_label(const char *path, mode_t mode) {
|
int mkdir_parents(const char *path, mode_t mode) {
|
||||||
|
return makedir_parents(path, mode, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
int mkdir_parents_label(const char *path, mode_t mode) {
|
||||||
|
return makedir_parents(path, mode, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int makedir_p(const char *path, mode_t mode, bool apply) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* Like mkdir -p */
|
/* Like mkdir -p */
|
||||||
|
|
||||||
if ((r = mkdir_parents_label(path, mode)) < 0)
|
r = makedir_parents(path, mode, apply);
|
||||||
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (label_mkdir(path, mode) < 0 && errno != EEXIST)
|
if (label_mkdir(path, mode, apply) < 0 && errno != EEXIST)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int mkdir_p(const char *path, mode_t mode) {
|
||||||
|
return makedir_p(path, mode, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
int mkdir_p_label(const char *path, mode_t mode) {
|
||||||
|
return makedir_p(path, mode, true);
|
||||||
|
}
|
||||||
|
|
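Review bot: In makedir_parents the outcome of `r = label_mkdir(t, mode, apply);` is classified by reading `errno` only after `free(t)` has run, so the EEXIST test may see a value that no longer belongs to the mkdir attempt. The check `label_mkdir(path, mode, apply) < 0 && errno != EEXIST` in makedir_p likewise depends on errno surviving whatever cleanup label_mkdir performs on its labelling path. If label_mkdir returns a negative errno value (its return statements are not visible on this page), testing the return value is more robust: `if (r < 0 && r != -EEXIST) return r;`. The loop around the makedir_parents check starts and ends outside the hunk.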
|
@ -22,8 +22,11 @@
|
||||||
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||||
***/
|
***/
|
||||||
|
|
||||||
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
|
|
||||||
int mkdir_label(const char *path, mode_t mode);
|
int mkdir_label(const char *path, mode_t mode);
|
||||||
|
int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid);
|
||||||
|
int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
|
||||||
|
int mkdir_parents(const char *path, mode_t mode);
|
||||||
int mkdir_parents_label(const char *path, mode_t mode);
|
int mkdir_parents_label(const char *path, mode_t mode);
|
||||||
|
int mkdir_p(const char *path, mode_t mode);
|
||||||
int mkdir_p_label(const char *path, mode_t mode);
|
int mkdir_p_label(const char *path, mode_t mode);
|
||||||
#endif
|
#endif
|
||||||
|
|
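Review bot: The header now exports three pairs of near-identical names (`mkdir_safe`/`mkdir_safe_label`, `mkdir_parents`/`mkdir_parents_label`, `mkdir_p`/`mkdir_p_label`) with nothing that tells a caller which one to pick. Choosing the plain variant by mistake presumably leaves the new directory with whatever default context applies rather than the one from policy, and the compiler will not flag it. I would add a comment above the block such as `/* The *_label() variants apply the SELinux file context from policy to the directories they create; the plain variants skip labelling. */`.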