Sanitize SELinux file context initialization.

- do it in a single spot inside tsRun() - automatically set RPMTRANS_FLAG_NOCONTEXTS if selinux is disabled
2007-09-03 12:23:42 +03:00 · 2007-09-03 12:23:42 +03:00 · 7a50a54390
parent 408d3df3f1
commit 7a50a54390
3 changed files with 18 additions and 27 deletions
--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@ -308,19 +308,6 @@ int rpmInstall(rpmts ts,
    if (rpmExpandNumeric("%{?_repackage_all_erasures}"))
 	ia->transFlags |= RPMTRANS_FLAG_REPACKAGE;

-    /* Initialize security context patterns (if not already done). */
-    if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-	rpmsx sx = rpmtsREContext(ts);
-	if (sx == NULL) {
-	    const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-	    if (fn != NULL && *fn != '\0') {
-		sx = rpmsxNew(fn);
-		(void) rpmtsSetREContext(ts, sx);
-	    }
-	    fn = _free(fn);
-	}
-	sx = rpmsxFree(sx);
-    }
    (void) rpmtsSetFlags(ts, ia->transFlags);

    probFilter = ia->probFilter;
--- a/lib/transaction.c
+++ b/lib/transaction.c
@ -1449,6 +1449,24 @@ int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet)
    if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB)
 	(void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers));

+    /* if SELinux isn't enabled or init fails, don't bother... */
+    if (!rpmtsSELinuxEnabled(ts)) {
+        rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+    }
+
+    if (!rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) {
+        rpmsx sx = rpmtsREContext(ts);
+        if (sx == NULL) {
+            const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+            if (fn != NULL && *fn != '\0') {
+                sx = rpmsxNew(fn);
+                (void) rpmtsSetREContext(ts, sx);
+            }
+            fn = _free(fn);
+        }
+        sx = rpmsxFree(sx);
+    }
+
    ts->probs = rpmpsFree(ts->probs);
    ts->probs = rpmpsCreate();

--- a/python/rpmts-py.c
+++ b/python/rpmts-py.c
@ -1186,20 +1186,6 @@ rpmts_Run(rpmtsObject * s, PyObject * args, PyObject * kwds)
 	(void) rpmtsSetNotifyCallback(s->ts, rpmtsCallback, (void *) &cbInfo);
    }

-    /* Initialize security context patterns (if not already done). */
-    if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-	rpmsx sx = rpmtsREContext(s->ts);
-	if (sx == NULL) {
-	    const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-	    if (fn != NULL && *fn != '\0') {
-		sx = rpmsxNew(fn);
-		(void) rpmtsSetREContext(s->ts, sx);
-	    }
-	    fn = _free(fn);
-	}
-	sx = rpmsxFree(sx);
-    } 
-
 if (_rpmts_debug)
 fprintf(stderr, "*** rpmts_Run(%p) ts %p ignore %x\n", s, s->ts, s->ignoreSet);