diff options
| -rw-r--r-- | src/shared/selinux-util.c | 8 | ||||
| -rw-r--r-- | src/shared/selinux-util.h | 2 |
2 files changed, 3 insertions, 7 deletions
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c index a374c277a8..7f8cc0eb76 100644 --- a/src/shared/selinux-util.c +++ b/src/shared/selinux-util.c @@ -231,7 +231,7 @@ int mac_selinux_get_our_label(char **label) { return r; } -int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, char **label) { +int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label) { int r = -EOPNOTSUPP; #ifdef HAVE_SELINUX @@ -255,11 +255,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, char **label if (r < 0) return -errno; - r = getexeccon(&fcon); - if (r < 0) - return -errno; - - if (!fcon) { + if (!exec_label) { /* If there is no context set for next exec let's use context of target executable */ r = getfilecon(exe, &fcon); diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h index dffd144513..744b1bcf45 100644 --- a/src/shared/selinux-util.h +++ b/src/shared/selinux-util.h @@ -35,7 +35,7 @@ int mac_selinux_apply(const char *path, const char *label); int mac_selinux_get_create_label_from_exe(const char *exe, char **label); int mac_selinux_get_our_label(char **label); -int mac_selinux_get_child_mls_label(int socket_fd, const char *exec, char **label); +int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label); void mac_selinux_free(char *label); int mac_selinux_create_file_prepare(const char *path, mode_t mode); |