@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db *db)
snprintf (buf, sizeof buf, "%s-", db->filename);
#ifdef WITH_SELINUX
- if (set_selinux_file_context (buf) != 0) {
+ if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
errors++;
}
#endif
@@ -1007,7 +1007,7 @@ int commonio_close (struct commonio_db *db)
snprintf (buf, sizeof buf, "%s+", db->filename);
#ifdef WITH_SELINUX
- if (set_selinux_file_context (buf) != 0) {
+ if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
errors++;
}
#endif
@@ -334,7 +334,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
/* selinux.c */
#ifdef WITH_SELINUX
-extern int set_selinux_file_context (const char *dst_name);
+extern int set_selinux_file_context (const char *dst_name, mode_t mode);
extern int reset_selinux_file_context (void);
extern int check_selinux_permit (const char *perm_name);
#endif
@@ -51,7 +51,7 @@ static bool selinux_enabled;
* Callers may have to Reset SELinux to create files with default
* contexts with reset_selinux_file_context
*/
-int set_selinux_file_context (const char *dst_name)
+int set_selinux_file_context (const char *dst_name, mode_t mode)
{
if (!selinux_checked) {
selinux_enabled = is_selinux_enabled () > 0;
@@ -70,7 +70,7 @@ int set_selinux_file_context (const char *dst_name)
return security_getenforce () != 0;
}
- r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, 0);
+ r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, mode);
selabel_close(hnd);
if (r < 0) {
/* No context specified for the searched path */
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, const char *dst,
*/
#ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFDIR) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
@@ -605,7 +605,7 @@ static int copy_symlink (const char *src, const char *dst,
}
#ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFLNK) != 0) {
free (oldlink);
return -1;
}
@@ -684,7 +684,7 @@ static int copy_special (const char *src, const char *dst,
int err = 0;
#ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, statp->st_mode & S_IFMT) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
@@ -744,7 +744,7 @@ static int copy_file (const char *src, const char *dst,
return -1;
}
#ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFREG) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
@@ -2177,7 +2177,7 @@ static void create_home (void)
++bhome;
#ifdef WITH_SELINUX
- if (set_selinux_file_context (prefix_user_home) != 0) {
+ if (set_selinux_file_context (prefix_user_home, S_IFDIR) != 0) {
fprintf (stderr,
_("%s: cannot set SELinux context for home directory %s\n"),
Prog, user_home);
@@ -2305,7 +2305,7 @@ static void create_mail (void)
sprintf (file, "%s/%s", spool, user_name);
#ifdef WITH_SELINUX
- if (set_selinux_file_context (file) != 0) {
+ if (set_selinux_file_context (file, S_IFREG) != 0) {
fprintf (stderr,
_("%s: cannot set SELinux context for mailbox file %s\n"),
Prog, file);