From: Jonathan Lebon <jlebon@redhat.com>
Date: Fri, 2 Jun 2017 14:06:50 +0000 (-0400)
Subject: checkout: don't apply SELinux labeling in user mode
X-Git-Tag: archive/raspbian/2022.1-3+rpi1~1^2~4^2~36^2~48
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=3ec2b5773ea1553a70c362c25574978b7bbc932a;p=ostree.git

checkout: don't apply SELinux labeling in user mode

If the user requested a user checkout, we don't want to set the SELinux
label xattr.

Closes: #903
Approved by: cgwalters
---

diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c
index 360c939f..8dbe49e3 100644
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@@ -261,14 +261,14 @@ create_file_copy_from_input_at (OstreeRepo     *repo,
                                         &tmpf, error))
         return FALSE;
 
-      if (sepolicy_enabled)
+      if (sepolicy_enabled && options->mode != OSTREE_REPO_CHECKOUT_MODE_USER)
         {
           g_autofree char *label = NULL;
-          if (!ostree_sepolicy_get_label (options->sepolicy,
-                                          state->selabel_path_buf->str,
+          if (!ostree_sepolicy_get_label (options->sepolicy, state->selabel_path_buf->str,
                                           g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
                                           &label, cancellable, error))
             return FALSE;
+
           if (fsetxattr (tmpf.fd, "security.selinux", label, strlen (label), 0) < 0)
             return glnx_throw_errno_prefix (error, "Setting security.selinux");
         }