Merge pull request #860 from walyong/smack_v11

Smack v11: set only the default smack process label if the command path has no execute label
author: Daniel Mack <github@zonque.org> 2015-08-04 14:27:09 +0200
committer: Daniel Mack <github@zonque.org> 2015-08-04 14:27:09 +0200
commit: ee80b4b2977186883aab6b90adcb87c7a4b24ea3 (patch)
tree: fc00d0ef4918737450f6872cd9b547db27bd1804 /src/core/execute.c
parent: 5977db2a3acd86214ad214fe692fd354f46c5955 (diff)
parent: e419a0e31089994ecd1d9019c791e63d13b37584 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 21721dc240..f14ae4d8a6 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1719,7 +1719,15 @@ static int exec_child(
                 }
 #ifdef SMACK_DEFAULT_PROCESS_LABEL
                 else {
-                        r = mac_smack_apply_pid(0, SMACK_DEFAULT_PROCESS_LABEL);
+                        _cleanup_free_ char *exec_label = NULL;
+
+                        r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label);
+                        if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) {
+                                *exit_status = EXIT_SMACK_PROCESS_LABEL;
+                                return r;
+                        }
+
+                        r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL);
                         if (r < 0) {
                                 *exit_status = EXIT_SMACK_PROCESS_LABEL;
                                 return r;
author	Daniel Mack <github@zonque.org>	2015-08-04 14:27:09 +0200
committer	Daniel Mack <github@zonque.org>	2015-08-04 14:27:09 +0200
commit	ee80b4b2977186883aab6b90adcb87c7a4b24ea3 (patch)
tree	fc00d0ef4918737450f6872cd9b547db27bd1804 /src/core/execute.c
parent	5977db2a3acd86214ad214fe692fd354f46c5955 (diff)
parent	e419a0e31089994ecd1d9019c791e63d13b37584 (diff)