From 5d6c2c9b3869938592025ce169659f0c7e9970fc Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 2 Dec 2019 14:02:02 +0100
Subject: [PATCH] chcon: do not validate security context if SELinux is
disabled
* src/chcon.c (main): Skip call of security_check_context()
in case SELinux is disabled to avoid unnecessary failure.
Bug: https://bugzilla.redhat.com/1777831
Upstream-commit: 5118a2e392c8cffb3c26eaffbb75e2b1ef7607f9
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
src/chcon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/chcon.c b/src/chcon.c
index 6414406..eea4235 100644
--- a/src/chcon.c
+++ b/src/chcon.c
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <sys/types.h>
#include <getopt.h>
+#include <selinux/selinux.h>
#include "system.h"
#include "dev-ino.h"
@@ -557,7 +558,8 @@ main (int argc, char **argv)
else
{
specified_context = argv[optind++];
- if (security_check_context (se_const (specified_context)) < 0)
+ if (0 < is_selinux_enabled ()
+ && security_check_context (se_const (specified_context)) < 0)
die (EXIT_FAILURE, errno, _("invalid context: %s"),
quote (specified_context));
}
--
2.21.1