-rw-r--r--Makefile.am1
-rw-r--r--src/update-done/update-done.c25
2 files changed, 21 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am
index 1e4cfb31f1..1cb7712386 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1771,6 +1771,7 @@ systemd_update_done_SOURCES = \
systemd_update_done_LDADD = \
libsystemd-internal.la \
+ libsystemd-label.la \
libsystemd-shared.la
# ------------------------------------------------------------------------------
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 10ba85ca92..b199a68972 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -20,6 +20,7 @@
***/
#include "util.h"
+#include "label.h"
static int apply_timestamp(const char *path, struct timespec *ts) {
struct timespec twice[2];
@@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
} else if (errno == ENOENT) {
_cleanup_close_ int fd = -1;
+ int r;
/* The timestamp file doesn't exist yet? Then let's create it. */
+ r = label_context_set(path, S_IFREG);
+ if (r < 0) {
+ log_error("Failed to set SELinux context for %s: %s",
+ path, strerror(-r));
+ return r;
+ }
+
fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+ label_context_clear();
+
if (fd < 0) {
if (errno == EROFS) {
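Review bot: The `errno == EROFS` test now runs after `label_context_clear()`, so it reads whatever errno that helper leaves behind rather than what `open()` set. The helper's definition is not part of this diff, so whether it preserves errno cannot be confirmed here. If it does not, a read-only /etc or /var could be reported as a hard failure, or an unrelated error could be taken for EROFS. Either state the dependency with a comment above the call, `/* label_context_clear() must not clobber errno; the EROFS check below reads open()'s errno */`, or save the value right after `open()` and test the saved copy. The body of apply_timestamp continues outside this hunk.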
@@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
int main(int argc, char *argv[]) {
struct stat st;
- int r, q;
+ int r, q = 0;
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
@@ -94,11 +105,15 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
- r = apply_timestamp("/etc/.updated", &st.st_mtim);
+ r = label_init(NULL);
+ if (r < 0) {
+ log_error("SELinux setup failed: %s", strerror(-r));
+ goto finish;
+ }
+ r = apply_timestamp("/etc/.updated", &st.st_mtim);
q = apply_timestamp("/var/.updated", &st.st_mtim);
- if (q < 0 && r == 0)
- r = q;
- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+finish:
+ return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
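Review bot: The new `finish:` label returns without calling `label_finish()`, so the state set up by `label_init(NULL)` is only released at process exit. That is harmless for a short-lived tool, but if the rest of the tree pairs the two calls, add `label_finish();` before the `return`. Separately, a `label_init()` failure now skips both `apply_timestamp()` calls, so neither stamp file is written. If that is intended, a one-line comment above the `goto finish;` would record it. The `q = 0` initialiser from the previous hunk is what keeps `r < 0 || q < 0` well defined on that path, and a short comment at the declaration would save the next reader from removing it.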