From c649be35f12331321ef2e5da522d91baa9a77550 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Oct 2014 18:32:22 +0200
Subject: smack: never follow symlinks when relabelling

previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.

Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
---
 src/shared/smack-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/shared')

diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 34f9c68733..8ba4617d85 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -50,7 +50,7 @@ int mac_smack_apply(const char *path, const char *label) {
                 return 0;
 
         if (label)
-                r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
+                r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
         else
                 r = lremovexattr(path, "security.SMACK64");
         if (r < 0)
-- 
cgit v1.2.3-54-g00ecf