1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From 58ca300c67ec8aa72e0146ec326281fa92b3259f Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 14 Oct 2016 13:36:37 -0400
Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is
enabled
When a non-MLS policy was used with genhomedircon context_from_record()
in sepol would report an error because an MLS level was present when MLS
is disabled. Based on a patch by Gary Tierney, amended to use
sepol_policydb_mls_enabled rather than semanage_mls_enabled because
we are testing the temporary working policy, not the active policy.
Reported-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
libsemanage/src/genhomedircon.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 6991fffc31cb..5e9d7224a06e 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
goto fail;
}
- if (sepol_context_set_user(sepolh, context, user->sename) < 0 ||
+ if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
+ goto fail;
+ }
+
+ if (sepol_policydb_mls_enabled(s->policydb) &&
sepol_context_set_mls(sepolh, context, user->level) < 0) {
goto fail;
}
--
2.10.2
|