diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2020-10-06 18:42:30 +0200 |
|---|---|---|
| committer | Reiner Herrmann <reiner@reiner-h.de> | 2020-10-06 18:42:30 +0200 |
| commit | da13836d202c286a1d8cf837f506fa2ffe80d76f (patch) | |
| tree | 469ab74b8a90d86a0182e49a6cdb6b19a4688ec8 | |
| parent | selinux: don't try to relabel path when selinux is not enabled (diff) | |
| download | firejail-da13836d202c286a1d8cf837f506fa2ffe80d76f.tar.gz firejail-da13836d202c286a1d8cf837f506fa2ffe80d76f.tar.zst firejail-da13836d202c286a1d8cf837f506fa2ffe80d76f.zip | |
selinux: exit when selinux is enabled but opening handle fails
| -rw-r--r-- | src/firejail/selinux.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c index b29c484b4..dd776fcce 100644 --- a/src/firejail/selinux.c +++ b/src/firejail/selinux.c | |||
| @@ -49,6 +49,9 @@ void selinux_relabel_path(const char *path, const char *inside_path) | |||
| 49 | if (!label_hnd) | 49 | if (!label_hnd) |
| 50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); | 50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); |
| 51 | 51 | ||
| 52 | if (!label_hnd) | ||
| 53 | errExit("selabel_open"); | ||
| 54 | |||
| 52 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ | 55 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ |
| 53 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); | 56 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); |
| 54 | if (fd < 0) | 57 | if (fd < 0) |