diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-02-17 16:52:52 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-02-17 16:52:52 +0100 |
| commit | 5f8640fb628cb034981e02d741fd9ddf26fdf38d (patch) | |
| tree | a861f6da5ba7e87cc413683b5e66a4302d17c61a /src/core/execute.c | |
| parent | 4a3fa6ac77c5236f95963c0a0fdd541d02c6883a (diff) | |
core: store and expose SELinuxContext field normalized as bool + string
Diffstat (limited to 'src/core/execute.c')
| -rw-r--r-- | src/core/execute.c | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 06ddd5c91c..be15fb95ee 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1572,18 +1572,8 @@ int exec_spawn(ExecCommand *command, #ifdef HAVE_SELINUX if (context->selinux_context && use_selinux()) { - bool ignore; - char* c; - - c = context->selinux_context; - if (c[0] == '-') { - c++; - ignore = true; - } else - ignore = false; - - err = setexeccon(c); - if (err < 0 && !ignore) { + err = setexeccon(context->selinux_context); + if (err < 0 && !context->selinux_context_ignore) { r = EXIT_SELINUX_CONTEXT; goto fail_child; } @@ -2127,8 +2117,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { if (c->selinux_context) fprintf(f, - "%sSELinuxContext: %s\n", - prefix, c->selinux_context); + "%sSELinuxContext: %s%s\n", + prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context); if (c->syscall_filter) { #ifdef HAVE_SECCOMP |