selinux: always try to load the full selinux db

https://github.com/systemd/systemd/pull/2508#issuecomment-190901170 Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
2016-03-01 20:35:55 -05:00 · 2016-03-01 20:35:55 -05:00 · c3dacc8bbf
parent 114761866a
commit c3dacc8bbf
15 changed files with 18 additions and 26 deletions
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@ -80,31 +80,23 @@ void mac_selinux_retest(void) {
 #endif
 }

-int mac_selinux_init(const char *prefix) {
+int mac_selinux_init(void) {
        int r = 0;

 #ifdef HAVE_SELINUX
        usec_t before_timestamp, after_timestamp;
        struct mallinfo before_mallinfo, after_mallinfo;

-        if (!mac_selinux_use())
+        if (label_hnd)
                return 0;

-        if (label_hnd)
+        if (!mac_selinux_use())
                return 0;

        before_mallinfo = mallinfo();
        before_timestamp = now(CLOCK_MONOTONIC);

-        if (prefix) {
-                struct selinux_opt options[] = {
-                        { .type = SELABEL_OPT_SUBSET, .value = prefix },
-                };
-
-                label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
-        } else
-                label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-
+        label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
        if (!label_hnd) {
                log_enforcing("Failed to initialize SELinux context: %m");
                r = security_getenforce() == 1 ? -errno : 0;
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@ -29,7 +29,7 @@ bool mac_selinux_use(void);
 bool mac_selinux_have(void);
 void mac_selinux_retest(void);

-int mac_selinux_init(const char *prefix);
+int mac_selinux_init(void);
 void mac_selinux_finish(void);

 int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
--- a/src/core/main.c
+++ b/src/core/main.c
@ -1369,7 +1369,7 @@ int main(int argc, char *argv[]) {
                        dual_timestamp_get(&security_finish_timestamp);
                }

-                if (mac_selinux_init(NULL) < 0) {
+                if (mac_selinux_init() < 0) {
                        error_message = "Failed to initialize SELinux policy";
                        goto finish;
                }
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@ -706,7 +706,7 @@ int main(int argc, char *argv[]) {
        log_open();

        umask(0022);
-        mac_selinux_init("/etc");
+        mac_selinux_init();

        if (argc != 1) {
                log_error("This program takes no arguments.");
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) {
        log_open();

        umask(0022);
-        mac_selinux_init("/etc");
+        mac_selinux_init();

        if (argc != 1) {
                log_error("This program takes no arguments.");
--- a/src/login/logind.c
+++ b/src/login/logind.c
@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) {
                goto finish;
        }

-        r = mac_selinux_init("/run");
+        r = mac_selinux_init();
        if (r < 0) {
                log_error_errno(r, "Could not initialize labelling: %m");
                goto finish;
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@ -48,7 +48,7 @@ int main(int argc, char *argv[]) {

        umask(0022);

-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
        if (r < 0) {
                log_error_errno(r, "SELinux setup failed: %m");
                goto finish;
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) {

        umask(0022);

-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
        if (r < 0) {
                log_error_errno(r, "SELinux setup failed: %m");
                goto finish;
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
                return EXIT_FAILURE;

        log_debug("version %s", VERSION);
-        mac_selinux_init("/dev");
+        mac_selinux_init();

        action = argv[1];
        if (action == NULL) {
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@ -173,7 +173,7 @@ static int context_write_data_local_rtc(Context *c) {
                }
        }

-        mac_selinux_init("/etc");
+        mac_selinux_init();
        return write_string_file_atomic_label("/etc/adjtime", w);
 }

--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) {

        umask(0022);

-        mac_selinux_init(NULL);
+        mac_selinux_init();

        items = ordered_hashmap_new(&string_hash_ops);
        globs = ordered_hashmap_new(&string_hash_ops);
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {

        log_parse_environment();
        log_open();
-        mac_selinux_init("/dev");
+        mac_selinux_init();

        while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0)
                switch (c) {
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) {

        umask(022);

-        r = mac_selinux_init("/dev");
+        r = mac_selinux_init();
        if (r < 0) {
                log_error_errno(r, "could not initialize labelling: %m");
                goto exit;
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@ -101,7 +101,7 @@ int main(int argc, char *argv[]) {
                return EXIT_FAILURE;
        }

-        r = mac_selinux_init(NULL);
+        r = mac_selinux_init();
        if (r < 0) {
                log_error_errno(r, "SELinux setup failed: %m");
                goto finish;
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@ -40,7 +40,7 @@ int main(int argc, char*argv[]) {

        umask(0022);

-        mac_selinux_init(NULL);
+        mac_selinux_init();

        if (streq(argv[1], "start")) {
                int r = 0;