core: avoid deprecated matchfilecon SELinux API instead of selabel

The matchfilecon API is deprecated for a very long time. Since selinux 3.1 the functions are also marked as deprecated in the header, which causes compiler warnings and build failures. Update the code to use selabel API instead. (cherry picked from commit 173533c3b2) (cherry picked from commit f5aafb9da4)
2026-01-12 08:00:26 +01:00 · 2020-08-12 13:31:31 +02:00 · 2020-08-12 13:31:31 +02:00 · bde9f1023f
commit bde9f1023f
parent 12387d8a02
1 changed files with 32 additions and 15 deletions
--- a/src/nm-hostname-manager.c
+++ b/src/nm-hostname-manager.c
@ -11,6 +11,7 @@

 #if HAVE_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/label.h>
 #endif

 #include "nm-libnm-core-intern/nm-common-macros.h"
@ -345,8 +346,8 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
 	gs_unref_variant GVariant *var = NULL;
 	struct stat file_stat;
 #if HAVE_SELINUX
-	security_context_t se_ctx_prev = NULL, se_ctx = NULL;
-	mode_t st_mode = 0;
+	gboolean fcon_was_set = FALSE;
+	char *fcon_prev = NULL;
 #endif

 	g_return_val_if_fail (NM_IS_HOSTNAME_MANAGER (self), FALSE);
@ -376,16 +377,6 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
 	    && (link_path = nm_utils_read_link_absolute (file, NULL)))
 		file = link_path;

-#if HAVE_SELINUX
-	/* Get default context for hostname file and set it for fscreate */
-	if (stat (file, &file_stat) == 0)
-		st_mode = file_stat.st_mode;
-	matchpathcon (file, st_mode, &se_ctx);
-	matchpathcon_fini ();
-	getfscreatecon (&se_ctx_prev);
-	setfscreatecon (se_ctx);
-#endif
-
 #if defined (HOSTNAME_PERSIST_GENTOO)
 	hostname_eol = g_strdup_printf ("#Generated by NetworkManager\n"
 	                                "hostname=\"%s\"\n", hostname);
@ -393,13 +384,39 @@ nm_hostname_manager_write_hostname (NMHostnameManager *self, const char *hostnam
 	hostname_eol = g_strdup_printf ("%s\n", hostname);
 #endif

+#if HAVE_SELINUX
+	/* Get default context for hostname file and set it for fscreate */
+	{
+		struct selabel_handle *handle;
+
+		handle = selabel_open (SELABEL_CTX_FILE, NULL, 0);
+		if (handle) {
+			mode_t st_mode = 0;
+			char *fcon = NULL;
+
+			if (stat (file, &file_stat) == 0)
+				st_mode = file_stat.st_mode;
+
+			if (   (selabel_lookup (handle, &fcon, file, st_mode) == 0)
+			    && (getfscreatecon (&fcon_prev) == 0)) {
+				setfscreatecon (fcon);
+				fcon_was_set = TRUE;
+			}
+
+			selabel_close (handle);
+			freecon (fcon);
+		}
+	}
+#endif
+
 	ret = g_file_set_contents (file, hostname_eol, -1, &error);

 #if HAVE_SELINUX
 	/* Restore previous context and cleanup */
-	setfscreatecon (se_ctx_prev);
-	freecon (se_ctx);
-	freecon (se_ctx_prev);
+	if (fcon_was_set)
+		setfscreatecon (fcon_prev);
+	if (fcon_prev)
+		freecon (fcon_prev);
 #endif

 	g_free (hostname_eol);