[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/2] chcon: use security_check_context() for context validati
|
From: |
Pádraig Brady |
|
Subject: |
Re: [PATCH 1/2] chcon: use security_check_context() for context validation |
|
Date: |
Mon, 30 Jun 2014 16:42:38 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 06/30/2014 04:12 PM, Namhyung Kim wrote:
> It seems context_new() and _free() are used for checking validity of
> a specified context. The libselinux provides security_check_context
> for this purpose so use it.
>
> Note that context_new() can fail for a valid context - e.g. ENOMEM.
>
> * src/chcon.c (main): Use security_check_context().
> ---
> src/chcon.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/src/chcon.c b/src/chcon.c
> index 32d4b0f..cd5fba3 100644
> --- a/src/chcon.c
> +++ b/src/chcon.c
> @@ -555,13 +555,10 @@ main (int argc, char **argv)
> }
> else
> {
> - context_t context;
> specified_context = argv[optind++];
> - context = context_new (specified_context);
> - if (!context)
> + if (security_check_context (specified_context) < 0)
> error (EXIT_FAILURE, 0, _("invalid context: %s"),
> quotearg_colon (specified_context));
> - context_free (context);
> }
>
> if (reference_file && component_specified)
>
security_check_context() is already used by `runcon`,
so this change looks good to me.