Blob Blame History Raw
From 5d6c2c9b3869938592025ce169659f0c7e9970fc Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 2 Dec 2019 14:02:02 +0100
Subject: [PATCH] chcon: do not validate security context if SELinux is
 disabled

* src/chcon.c (main): Skip call of security_check_context()
in case SELinux is disabled to avoid unnecessary failure.

Bug: https://bugzilla.redhat.com/1777831

Upstream-commit: 5118a2e392c8cffb3c26eaffbb75e2b1ef7607f9
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
 src/chcon.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/chcon.c b/src/chcon.c
index 6414406..eea4235 100644
--- a/src/chcon.c
+++ b/src/chcon.c
@@ -18,6 +18,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <getopt.h>
+#include <selinux/selinux.h>
 
 #include "system.h"
 #include "dev-ino.h"
@@ -557,7 +558,8 @@ main (int argc, char **argv)
   else
     {
       specified_context = argv[optind++];
-      if (security_check_context (se_const (specified_context)) < 0)
+      if (0 < is_selinux_enabled ()
+          && security_check_context (se_const (specified_context)) < 0)
         die (EXIT_FAILURE, errno, _("invalid context: %s"),
              quote (specified_context));
     }
-- 
2.21.1