checkout: don't apply SELinux labeling in user mode

author Jonathan Lebon <jlebon@redhat.com>

Fri, 2 Jun 2017 14:06:50 +0000 (10:06 -0400)

committer Atomic Bot <atomic-devel@projectatomic.io>

Fri, 2 Jun 2017 17:46:16 +0000 (17:46 +0000)
author Jonathan Lebon <jlebon@redhat.com>
Fri, 2 Jun 2017 14:06:50 +0000 (10:06 -0400)
committer Atomic Bot <atomic-devel@projectatomic.io>
Fri, 2 Jun 2017 17:46:16 +0000 (17:46 +0000)
diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c

index 360c939f8541c72efed64e41bea8794411b93453..8dbe49e3a3bb69dbd0e3f5cbf84daecf4b997ecb 100644 (file)
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@@ -261,14 +261,14 @@ create_file_copy_from_input_at (OstreeRepo     *repo,
                                          &tmpf, error))
          return FALSE;
  
-      if (sepolicy_enabled)
+      if (sepolicy_enabled && options->mode != OSTREE_REPO_CHECKOUT_MODE_USER)
          {
            g_autofree char *label = NULL;
-          if (!ostree_sepolicy_get_label (options->sepolicy,
-                                          state->selabel_path_buf->str,
+          if (!ostree_sepolicy_get_label (options->sepolicy, state->selabel_path_buf->str,
                                            g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
                                            &label, cancellable, error))
              return FALSE;
+
            if (fsetxattr (tmpf.fd, "security.selinux", label, strlen (label), 0) < 0)
              return glnx_throw_errno_prefix (error, "Setting security.selinux");
          }
author	Jonathan Lebon <jlebon@redhat.com>
	Fri, 2 Jun 2017 14:06:50 +0000 (10:06 -0400)
committer	Atomic Bot <atomic-devel@projectatomic.io>
	Fri, 2 Jun 2017 17:46:16 +0000 (17:46 +0000)