[Rpm-maint] [PATCH 18/18] Keep track if matchpathcon_init has succeeded

Steve Lawrence slawrence at tresys.com
Wed Dec 23 20:57:38 UTC 2009


Currently, RPMTRANS_FLAG_NOCONTEXTS is used to signify that --nocontexts
is specified or that matchpathcon_init fails. With the policy changes made
in previous patches, it is necessary to make a distinction. This is because
matchpathcon_init may fail at one point, but succeed at another. This patch
makes a clear distinction between the two cases, making it easier to determine
whether files should actually be labeled. It does this by adding a boolean to
the rpmts structure that stores the success/failure of matchpathcon_init.

This should also make it easier to switch to the newer selabel interfaces
rather than the matchpathcon interfaces.
---
 lib/fsm.c            |    4 ++--
 lib/rpmpol.c         |    3 +++
 lib/rpmts.c          |   12 ++++++++++++
 lib/rpmts.h          |   14 ++++++++++++++
 lib/rpmts_internal.h |    1 +
 lib/transaction.c    |    5 ++++-
 6 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/lib/fsm.c b/lib/fsm.c
index 838e703..394e4e4 100644
--- a/lib/fsm.c
+++ b/lib/fsm.c
@@ -599,7 +599,7 @@ static int fsmMapFContext(FSM_t fsm)
      * Find file security context (if not disabled).
      */
     fsm->fcontext = NULL;
-    if (ts != NULL && !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
+    if (ts != NULL && !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) && rpmtsContextsInit(ts)) {
 	security_context_t scon = NULL;
 
 	if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) {
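Review bot: The two-part test `!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) && rpmtsContextsInit(ts)` is spelled out here in fsmMapFContext and again in the fsmMkdirs hunk, so the "should this file be labeled" decision now lives in two places that must stay in sync. A small static predicate in fsm.c that takes the `rpmts` and returns this expression would make both call sites read the same and keep the line within the file's width. When the test is false, `fsm->fcontext` stays NULL, so a comment such as `/* contexts disabled or matchpathcon not initialized: leave file unlabeled */` would make the consequence explicit. fsmMapFContext's body continues outside the hunk.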
@@ -1235,7 +1235,7 @@ static int fsmMkdirs(FSM_t fsm)
 		if (!rc) {
 		    /* XXX FIXME? only new dir will have context set. */
 		    /* Get file security context from patterns. */
-		    if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
+		    if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) && rpmtsContextsInit(ts)) {
 			if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 &&
 			    scon != NULL) {
             		    fsm->fcontext = scon;
diff --git a/lib/rpmpol.c b/lib/rpmpol.c
index 4de17ba..0165d16 100644
--- a/lib/rpmpol.c
+++ b/lib/rpmpol.c
@@ -1318,6 +1318,9 @@ rpmRC rpmpolsInstall(rpmpols ps, rpmts ts)
 		matchpathcon_fini();
 		if (matchpathcon_init(selinux_file_context_path()) == -1) {
 			rpmlog(RPMLOG_WARNING, _("Failed to read new file contexts. New files may be mislabeled.\n"));
+			rpmtsSetContextsInit(ts, 0);
+		} else {
+			rpmtsSetContextsInit(ts, 1);
 		}
 	}
 
diff --git a/lib/rpmts.c b/lib/rpmts.c
index de640d4..2033a3e 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -710,6 +710,18 @@ void rpmtsSetPostponePolicy(rpmts ts, int postpone)
 	}
 }
 
+int rpmtsContextsInit(rpmts ts)
+{
+	return (ts != NULL ? ts->contextsInit : 0);
+}
+
+void rpmtsSetContextsInit(rpmts ts, int contextsInit)
+{
+	if (ts != NULL) {
+		ts->contextsInit = contextsInit;
+	}
+}
+
 int rpmtsChrootDone(rpmts ts)
 {
     return (ts != NULL ? ts->chrootDone : 0);
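Review bot: The two new accessors are indented with a tab, while the neighbouring `rpmtsChrootDone` visible in the same hunk uses four spaces; matching the surrounding indentation keeps the file consistent. The header documents the value as a boolean, but the setter stores whatever int it is given, so normalising it with `ts->contextsInit = (contextsInit != 0);` would keep the field to 0 or 1. rpmtsChrootDone's body continues outside the hunk.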
diff --git a/lib/rpmts.h b/lib/rpmts.h
index d263365..bee484d 100644
--- a/lib/rpmts.h
+++ b/lib/rpmts.h
@@ -436,6 +436,20 @@ int rpmtsPostponePolicy(rpmts ts);
 void rpmtsSetPostponePolicy(rpmts ts, int postpone);
 
 /** \ingroup rpmts
+ * Has matchpathcon been initialized
+ * @param ts		transaction set
+ * @return		boolean value if matchpathcon has been initialized or not
+ */
+int rpmtsContextsInit(rpmts ts);
+
+/** \ingroup rpmts
+ * Set if policy should be postponed or not
+ * @param ts		transaction set
+ * @param contextsInit	have contexts been init or not
+ */
+void rpmtsSetContextsInit(rpmts ts, int contextsInit);
+
+/** \ingroup rpmts
  * Get chrootDone flag, i.e. has chroot(2) been performed?
  * @param ts		transaction set
  * @return		chrootDone flag
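Review bot: The summary line for `rpmtsSetContextsInit` reads "Set if policy should be postponed or not", which looks copied from `rpmtsSetPostponePolicy` and does not describe this function. Something like `* Record whether matchpathcon_init() has succeeded for this transaction` fits what the setter does. The getter's `@return` would also be clearer as `1 if matchpathcon has been initialized, 0 otherwise (including ts == NULL)`, since rpmts.c returns 0 for a NULL transaction set.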
diff --git a/lib/rpmts_internal.h b/lib/rpmts_internal.h
index 6eef287..93344b8 100644
--- a/lib/rpmts_internal.h
+++ b/lib/rpmts_internal.h
@@ -48,6 +48,7 @@ struct rpmts_s {
 
     int selinuxEnabled;		/*!< Is SE linux enabled? */
     int postponePolicy;		/*!< Should policy be postponed? */
+    int contextsInit;		/*!< Has matchpathcon been inited? */
 
     int chrootDone;		/*!< Has chroot(2) been been done? */
     char * rootDir;		/*!< Path to top of install tree. */
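Review bot: Nothing in this patch gives `contextsInit` an initial value when a transaction set is created, yet both fsm.c sites read it through `rpmtsContextsInit` to decide whether to call `matchpathcon`. If the rpmts allocation is zero-filled this is harmless, but that is not visible here. An explicit `ts->contextsInit = 0;` next to the other SELinux fields in the constructor would remove the dependency. The field comment could also say when the value changes, e.g. `/*!< Has matchpathcon_init succeeded (cleared again in rpmtsFinish)? */`. The struct definition continues outside the hunk.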
diff --git a/lib/transaction.c b/lib/transaction.c
index 5a893c9..162d687 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -1380,7 +1380,9 @@ static rpmRC rpmtsInitSELinux(rpmts ts)
 	/* initialize matchpathcon */
 	if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
 		if (matchpathcon_init(selinux_file_context_path()) == -1) {
-			rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+			rpmtsSetContextsInit(ts, 0);
+		} else {
+			rpmtsSetContextsInit(ts, 1);
 		}
 	}
 
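Review bot: A failed `matchpathcon_init` in rpmtsInitSELinux is now recorded only in `contextsInit`, with no diagnostic, whereas the rpmpolsInstall hunk logs a warning for the same failure. Because both fsm.c sites then skip labeling, files can be installed without their policy-assigned context and nothing in the output says so. Consider adding a warning in the failure branch, e.g. `rpmlog(RPMLOG_WARNING, _("Failed to read file contexts. New files may be mislabeled.\n"));`. Since the failure no longer sets RPMTRANS_FLAG_NOCONTEXTS, any caller outside this patch that tests only that flag before calling `matchpathcon` is worth checking as well. The function body starts and ends outside the hunk.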
@@ -1498,6 +1500,7 @@ static int rpmtsFinish(rpmts ts)
 {
     if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
 	matchpathcon_fini();
+	rpmtsSetContextsInit(ts, 0);
     }
     return 0;
 }
-- 
1.6.0.6


