Verified Commit bde9f102 authored by Thomas Haller's avatar Thomas Haller

core: avoid deprecated matchfilecon SELinux API instead of selabel

The matchfilecon API has been deprecated for a very long time. Since selinux 3.1
the functions are also marked as deprecated in the header, which causes
compiler warnings and build failures.

Update the code to use selabel API instead.

(cherry picked from commit 173533c3)
(cherry picked from commit f5aafb9d)
parent 12387d8a
......@@ -11,6 +11,7 @@
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "nm-libnm-core-intern/nm-common-macros.h"
......@@ -345,8 +346,8 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
gs_unref_variant GVariant *var = NULL;
struct stat file_stat;
security_context_t se_ctx_prev = NULL, se_ctx = NULL;
mode_t st_mode = 0;
gboolean fcon_was_set = FALSE;
char *fcon_prev = NULL;
g_return_val_if_fail (NM_IS_HOSTNAME_MANAGER (self), FALSE);
......@@ -376,16 +377,6 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
&& (link_path = nm_utils_read_link_absolute (file, NULL)))
file = link_path;
/* Get default context for hostname file and set it for fscreate */
if (stat (file, &file_stat) == 0)
st_mode = file_stat.st_mode;
matchpathcon (file, st_mode, &se_ctx);
matchpathcon_fini ();
getfscreatecon (&se_ctx_prev);
setfscreatecon (se_ctx);
hostname_eol = g_strdup_printf ("#Generated by NetworkManager\n"
"hostname=\"%s\"\n", hostname);
......@@ -393,13 +384,39 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
hostname_eol = g_strdup_printf ("%s\n", hostname);
/* Get default context for hostname file and set it for fscreate */
struct selabel_handle *handle;
handle = selabel_open (SELABEL_CTX_FILE, NULL, 0);
if (handle) {
mode_t st_mode = 0;
char *fcon = NULL;
if (stat (file, &file_stat) == 0)
st_mode = file_stat.st_mode;
if ( (selabel_lookup (handle, &fcon, file, st_mode) == 0)
&& (getfscreatecon (&fcon_prev) == 0)) {
setfscreatecon (fcon);
fcon_was_set = TRUE;
selabel_close (handle);
freecon (fcon);
ret = g_file_set_contents (file, hostname_eol, -1, &error);
/* Restore previous context and cleanup */
setfscreatecon (se_ctx_prev);
freecon (se_ctx);
freecon (se_ctx_prev);
if (fcon_was_set)
setfscreatecon (fcon_prev);
if (fcon_prev)
freecon (fcon_prev);
g_free (hostname_eol);
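Review bot: In the new selabel block, `setfscreatecon (fcon)` is called without checking its result and `fcon_was_set` is then set to TRUE unconditionally, so if the call fails the hostname file is created with the process's default creation context and nothing reports it. Recording the outcome, e.g. `fcon_was_set = (setfscreatecon (fcon) == 0);`, and logging a warning on failure (likewise when `selabel_open` or `selabel_lookup` fails) would make a mislabelled file diagnosable. The restore call `setfscreatecon (fcon_prev)` after `g_file_set_contents` is also unchecked; if it failed, later file creations from this thread would presumably keep using the hostname file's label, so that failure deserves a log line too. The body of nm_hostname_manager_write_hostname starts and ends outside the visible hunks.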
