代码拉取完成,页面将自动刷新
From c67be1c7d69a0662ab85720aa0209110c39479f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 27 Nov 2019 19:43:47 +0100
Subject: [PATCH] core: reload SELinux label cache on daemon-reload
Reloading the SELinux label cache here enables a light-wight follow-up of a SELinux policy change, e.g. adding a label for a RuntimeDirectory.
Closes: #13363
(cherry picked from commit a9dfac21ec850eb5dcaf1ae9ef729389e4c12802)
Resolves: #1888912
---
src/basic/selinux-util.c | 20 ++++++++++++++++++++
src/basic/selinux-util.h | 1 +
src/core/main.c | 2 ++
3 files changed, 23 insertions(+)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index e15bd7e1fa..f69d88eb1e 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -105,6 +105,26 @@ void mac_selinux_finish(void) {
#endif
}
+void mac_selinux_reload(void) {
+
+#if HAVE_SELINUX
+ struct selabel_handle *backup_label_hnd;
+
+ if (!label_hnd)
+ return;
+
+ backup_label_hnd = TAKE_PTR(label_hnd);
+
+ /* try to initialize new handle
+ * on success close backup
+ * on failure restore backup */
+ if (mac_selinux_init() == 0)
+ selabel_close(backup_label_hnd);
+ else
+ label_hnd = backup_label_hnd;
+#endif
+}
+
int mac_selinux_fix(const char *path, LabelFixFlags flags) {
#if HAVE_SELINUX
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
index 08314057fb..abcfabe777 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -13,6 +13,7 @@ void mac_selinux_retest(void);
int mac_selinux_init(void);
void mac_selinux_finish(void);
+void mac_selinux_reload(void);
int mac_selinux_fix(const char *path, LabelFixFlags flags);
int mac_selinux_apply(const char *path, const char *label);
diff --git a/src/core/main.c b/src/core/main.c
index d897155644..d5c41da0c4 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1682,6 +1682,8 @@ static int invoke_main_loop(
saved_log_level = m->log_level_overridden ? log_get_max_level() : -1;
saved_log_target = m->log_target_overridden ? log_get_target() : _LOG_TARGET_INVALID;
+ mac_selinux_reload();
+
(void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
set_manager_defaults(m);
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。