symbol_files = $(top_srcdir)/src/libostree/libostree-released.sym
# Uncomment this include when adding new development symbols.
-#if BUILDOPT_IS_DEVEL_BUILD
-#symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
-#endif
+if BUILDOPT_IS_DEVEL_BUILD
+symbol_files += $(top_srcdir)/src/libostree/libostree-devel.sym
+endif
# http://blog.jgc.org/2007/06/escaping-comma-and-space-in-gnu-make.html
wl_versionscript_arg = -Wl,--version-script=
OstreeSePolicy
ostree_sepolicy_new
ostree_sepolicy_new_at
+ostree_sepolicy_new_from_commit
ostree_sepolicy_get_path
ostree_sepolicy_get_name
ostree_sepolicy_get_label
- uncomment the include in Makefile-libostree.am
*/
+LIBOSTREE_2021.5 {
+global:
+ ostree_sepolicy_new_from_commit;
+} LIBOSTREE_2021.4;
+
/* Stub section for the stable release *after* this development one; don't
* edit this other than to update the year. This is just a copy/paste
* source. Replace $LASTSTABLE with the last stable version, and $NEWVERSION
g_clear_pointer (&modifier->devino_cache, (GDestroyNotify)g_hash_table_unref);
g_clear_object (&modifier->sepolicy);
- (void) glnx_tmpdir_delete (&modifier->sepolicy_tmpdir, NULL, NULL);
g_free (modifier);
return;
GCancellable *cancellable,
GError **error)
{
- GLNX_AUTO_PREFIX_ERROR ("setting sepolicy from commit", error);
- g_autofree char *commit = NULL;
- g_autoptr(GFile) root = NULL;
- if (!ostree_repo_read_commit (repo, rev, &root, &commit, cancellable, error))
- return FALSE;
- const char policypath[] = "usr/etc/selinux";
- g_autoptr(GFile) policyroot = g_file_get_child (root, policypath);
- if (!g_file_query_exists (policyroot, NULL))
- return TRUE; /* No policy, nothing to do */
-
- GLnxTmpDir tmpdir = {0,};
- if (!glnx_mkdtemp ("ostree-commit-sepolicy-XXXXXX", 0700, &tmpdir, error))
- return FALSE;
- if (!glnx_shutil_mkdir_p_at (tmpdir.fd, "usr/etc", 0755, cancellable, error))
- return FALSE;
-
- OstreeRepoCheckoutAtOptions coopts = {0,};
- coopts.mode = OSTREE_REPO_CHECKOUT_MODE_USER;
- coopts.subpath = glnx_strjoina ("/", policypath);
-
- if (!ostree_repo_checkout_at (repo, &coopts, tmpdir.fd, policypath, commit, cancellable, error))
- return glnx_prefix_error (error, "policy checkout");
-
- g_autoptr(OstreeSePolicy) policy = ostree_sepolicy_new_at (tmpdir.fd, cancellable, error);
+ g_autoptr(OstreeSePolicy) policy = ostree_sepolicy_new_from_commit (repo, rev, cancellable, error);
if (!policy)
- return glnx_prefix_error (error, "reading policy");
-
+ return FALSE;
ostree_repo_commit_modifier_set_sepolicy (modifier, policy);
- /* Transfer ownership */
- modifier->sepolicy_tmpdir = tmpdir;
- tmpdir.initialized = FALSE;
-
return TRUE;
}
#include "otutil.h"
#include "ostree-sepolicy.h"
+#include "ostree-repo.h"
#include "ostree-sepolicy-private.h"
#include "ostree-bootloader-uboot.h"
#include "ostree-bootloader-syslinux.h"
int rootfs_dfd;
int rootfs_dfd_owned;
GFile *path;
+ GLnxTmpDir tmpdir;
#ifdef HAVE_SELINUX
GFile *selinux_policy_root;
{
OstreeSePolicy *self = OSTREE_SEPOLICY (object);
+ (void) glnx_tmpdir_delete (&self->tmpdir, NULL, NULL);
+
g_clear_object (&self->path);
if (self->rootfs_dfd_owned != -1)
(void) close (self->rootfs_dfd_owned);
#endif
+/**
+ * ostree_sepolicy_new_from_commit:
+ * @repo: The repo
+ * @rev: ostree ref or checksum
+ * @cancellable: Cancellable
+ * @error: Error
+ *
+ * Extract the SELinux policy from a commit object via a partial checkout. This is useful
+ * for labeling derived content as separate commits.
+ *
+ * This function is the backend of `ostree_repo_commit_modifier_set_sepolicy_from_commit()`.
+ *
+ * Returns: (transfer full): A new policy
+ */
+OstreeSePolicy*
+ostree_sepolicy_new_from_commit (OstreeRepo *repo,
+ const char *rev,
+ GCancellable *cancellable,
+ GError **error)
+{
+ GLNX_AUTO_PREFIX_ERROR ("setting sepolicy from commit", error);
+ g_autoptr(GFile) root = NULL;
+ g_autofree char *commit = NULL;
+ if (!ostree_repo_read_commit (repo, rev, &root, &commit, cancellable, error))
+ return NULL;
+ const char policypath[] = "usr/etc/selinux";
+ g_autoptr(GFile) policyroot = g_file_get_child (root, policypath);
+
+ GLnxTmpDir tmpdir = {0,};
+ if (!glnx_mkdtemp ("ostree-commit-sepolicy-XXXXXX", 0700, &tmpdir, error))
+ return FALSE;
+ if (!glnx_shutil_mkdir_p_at (tmpdir.fd, "usr/etc", 0755, cancellable, error))
+ return FALSE;
+
+ if (g_file_query_exists (policyroot, NULL))
+ {
+ OstreeRepoCheckoutAtOptions coopts = {0,};
+ coopts.mode = OSTREE_REPO_CHECKOUT_MODE_USER;
+ coopts.subpath = glnx_strjoina ("/", policypath);
+
+ if (!ostree_repo_checkout_at (repo, &coopts, tmpdir.fd, policypath, commit, cancellable, error))
+ return glnx_prefix_error_null (error, "policy checkout");
+ }
+
+ OstreeSePolicy *ret = ostree_sepolicy_new_at (tmpdir.fd, cancellable, error);
+ if (!ret)
+ return NULL;
+ /* Transfer ownership of tmpdir */
+ ret->tmpdir = tmpdir;
+ tmpdir.initialized = FALSE;
+ return ret;
+}
/* Workaround for http://marc.info/?l=selinux&m=149323809332417&w=2 */
#ifdef HAVE_SELINUX
GCancellable *cancellable,
GError **error);
+_OSTREE_PUBLIC
+OstreeSePolicy* ostree_sepolicy_new_from_commit (OstreeRepo *repo,
+ const char *rev,
+ GCancellable *cancellable,
+ GError **error);
_OSTREE_PUBLIC
GFile * ostree_sepolicy_get_path (OstreeSePolicy *self);
projects / ostree.git / commitdiff