chcon: exit immediately if SELinux is disabled

This change happens to avoid an abort in chcon when SELinux is disabled while operating on a file with an "unlabeled" context from back in 2006. However, that same abort can still be triggered by the same file when running chcon with SELinux enabled. This bug in chcon will be fixed in a subsequent commit via a getfilecon wrapper. See http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/18378/focus=18384 for how to correct your disk attributes to avoid triggering this bug. * src/chcon.c (main): Exit immediately if SELinux is disabled. Reported in http://bugzilla.redhat.com/527142 by Yanko Kaneti. * src/runcon.c (main): Do not hardcode program name in error message. * THANKS: Update.
2025-09-10 07:59:52 +02:00 · 2009-10-05 09:20:48 +02:00
parent addb62da92
commit 3a97d664b9
3 changed files with 6 additions and 1 deletions
--- a/1
+++ b/1
@@ -612,6 +612,7 @@ Wis Macomson                        wis.macomson@intel.com
 Wojciech Purczynski                 cliph@isec.pl
 Wolfram Kleff                       kleff@cs.uni-bonn.de
 Won-kyu Park                        wkpark@chem.skku.ac.kr
+Yanko Kaneti                        yaneti@declera.com
 Yann Dirson                         dirson@debian.org
 Zvi Har'El                          rl@math.technion.ac.il

--- a/src/chcon.c
+++ b/src/chcon.c
@@ -519,6 +519,10 @@ main (int argc, char **argv)
      usage (EXIT_FAILURE);
    }

+  if (is_selinux_enabled () != 1)
+    error (EXIT_FAILURE, 0,
+           _("%s may be used only on a SELinux kernel"), program_name);
+
  if (reference_file)
    {
      if (getfilecon (reference_file, &ref_context) < 0)
--- a/src/runcon.c
+++ b/src/runcon.c
@@ -195,7 +195,7 @@ main (int argc, char **argv)

  if (is_selinux_enabled () != 1)
    error (EXIT_FAILURE, 0,
-           _("runcon may be used only on a SELinux kernel"));
+           _("%s may be used only on a SELinux kernel"), program_name);

  if (context)
    {