summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog6
-rw-r--r--src/archives.c10
2 files changed, 14 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 2200e6f..26d5d98 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
dpkg (1.16.6) UNRELEASED; urgency=low
+ [ Guillem Jover ]
+ * Do not translate SE Linux context to human readable form while unpacking,
+ as that might cause the operation to fail if the mcstransd daemon
+ stopped running during the transaction. Closes: #679641
+ Thanks to Russell Coker <russell@coker.com.au>.
+
[ Updated scripts translations ]
* German (Helge Kreutzmann).
diff --git a/src/archives.c b/src/archives.c
index 3a4baa0..4434be5 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -479,9 +479,15 @@ tarobject_set_se_context(const char *matchpath, const char *path, mode_t mode)
return;
/* Set selinux_enabled if it is not already set (singleton). */
- if (selinux_enabled < 0)
+ if (selinux_enabled < 0) {
selinux_enabled = (is_selinux_enabled() > 0);
+ /* Do not translate from computer to human readable forms, to avoid
+ * issues when mcstransd has disappeared during the unpack process. */
+ if (selinux_enabled)
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ }
+
/* If SE Linux is not enabled just do nothing. */
if (!selinux_enabled)
return;
@@ -496,7 +502,7 @@ tarobject_set_se_context(const char *matchpath, const char *path, mode_t mode)
return;
if (strcmp(scontext, "<<none>>") != 0) {
- if (lsetfilecon(path, scontext) < 0)
+ if (lsetfilecon_raw(path, scontext) < 0)
/* XXX: This might need to be fatal instead!? */
perror("Error setting security context for next file object:");
}