diff options
| author |  Reiner Herrmann <reiner@reiner-h.de> | 2020-10-06 19:02:12 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-10-06 19:02:12 +0200 |
| commit | 9e316b9d652d240b71155b1bc8f73edd2580a0b6 (patch) | |
| tree | 2fb37c62961a11c1fdc794eb52f6c768cda63572 | |
| parent | Merge pull request #3656 from Neo00001/patch-1 (diff) | |
| parent | selinux: exit when selinux is enabled but opening handle fails (diff) | |
| download | firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.tar.gz firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.tar.zst firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.zip | |
Merge pull request #3657 from netblue30/selinux
| -rw-r--r-- | src/firejail/selinux.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c index c761916b7..dd776fcce 100644 --- a/src/firejail/selinux.c +++ b/src/firejail/selinux.c | |||
| @@ -43,12 +43,15 @@ void selinux_relabel_path(const char *path, const char *inside_path) | |||
| 43 | if (selinux_enabled == -1) | 43 | if (selinux_enabled == -1) |
| 44 | selinux_enabled = is_selinux_enabled(); | 44 | selinux_enabled = is_selinux_enabled(); |
| 45 | 45 | ||
| 46 | if (!selinux_enabled && arg_debug) | 46 | if (!selinux_enabled) |
| 47 | return; | 47 | return; |
| 48 | 48 | ||
| 49 | if (!label_hnd) | 49 | if (!label_hnd) |
| 50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); | 50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); |
| 51 | 51 | ||
| 52 | if (!label_hnd) | ||
| 53 | errExit("selabel_open"); | ||
| 54 | |||
| 52 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ | 55 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ |
| 53 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); | 56 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); |
| 54 | if (fd < 0) | 57 | if (fd < 0) |