From 48277c53c30c871e548129f55854232552e4b626 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 13 Mar 2024 12:10:25 +0100 Subject: [PATCH] libselinux/utils/selabel_digest: pass BASEONLY only for file backend MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit 65c8fd45 ("libselinux: fail selabel_open(3) on invalid option") selabel_open(3) rejects options not supported for the respective backend. Pass SELABEL_OPT_BASEONLY only if the file backend is selected. Reported-by: zgzxx (https://github.com/SELinuxProject/selinux/issues/427) Fixes: 65c8fd45 ("libselinux: fail selabel_open(3) on invalid option") Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/utils/selabel_digest.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c index 640510703..47aad21ff 100644 --- a/libselinux/utils/selabel_digest.c +++ b/libselinux/utils/selabel_digest.c @@ -71,8 +71,8 @@ int main(int argc, char **argv) struct selabel_handle *hnd; struct selinux_opt selabel_option[] = { { SELABEL_OPT_PATH, file }, - { SELABEL_OPT_BASEONLY, baseonly }, - { SELABEL_OPT_DIGEST, digest } + { SELABEL_OPT_DIGEST, digest }, + { SELABEL_OPT_BASEONLY, baseonly } }; if (argc < 3) @@ -119,10 +119,10 @@ int main(int argc, char **argv) memset(cmd_buf, 0, sizeof(cmd_buf)); selabel_option[0].value = file; - selabel_option[1].value = baseonly; - selabel_option[2].value = digest; + selabel_option[1].value = digest; + selabel_option[2].value = baseonly; - hnd = selabel_open(backend, selabel_option, 3); + hnd = selabel_open(backend, selabel_option, backend == SELABEL_CTX_FILE ? 3 : 2); if (!hnd) { switch (errno) { case EOVERFLOW: