diff options
author | Reiner Herrmann <reiner@reiner-h.de> | 2020-10-06 19:02:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-06 19:02:12 +0200 |
commit | 9e316b9d652d240b71155b1bc8f73edd2580a0b6 (patch) | |
tree | 2fb37c62961a11c1fdc794eb52f6c768cda63572 | |
parent | Merge pull request #3656 from Neo00001/patch-1 (diff) | |
parent | selinux: exit when selinux is enabled but opening handle fails (diff) | |
download | firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.tar.gz firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.tar.zst firejail-9e316b9d652d240b71155b1bc8f73edd2580a0b6.zip |
Merge pull request #3657 from netblue30/selinux
-rw-r--r-- | src/firejail/selinux.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c index c761916b7..dd776fcce 100644 --- a/src/firejail/selinux.c +++ b/src/firejail/selinux.c | |||
@@ -43,12 +43,15 @@ void selinux_relabel_path(const char *path, const char *inside_path) | |||
43 | if (selinux_enabled == -1) | 43 | if (selinux_enabled == -1) |
44 | selinux_enabled = is_selinux_enabled(); | 44 | selinux_enabled = is_selinux_enabled(); |
45 | 45 | ||
46 | if (!selinux_enabled && arg_debug) | 46 | if (!selinux_enabled) |
47 | return; | 47 | return; |
48 | 48 | ||
49 | if (!label_hnd) | 49 | if (!label_hnd) |
50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); | 50 | label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); |
51 | 51 | ||
52 | if (!label_hnd) | ||
53 | errExit("selabel_open"); | ||
54 | |||
52 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ | 55 | /* Open the file as O_PATH, to pin it while we determine and adjust the label */ |
53 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); | 56 | fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); |
54 | if (fd < 0) | 57 | if (fd < 0) |