mkswap: automatically add selinux label to swapfile

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/disk-utils/Makefile.am b/disk-utils/Makefile.am
index 6915e11e79928365415d335d5ad61c5841d32b30..95082021b8d244da0d65c08028f1668feba12292 100644 (file)
--- a/disk-utils/Makefile.am
+++ b/disk-utils/Makefile.am
@@ -31,7 +31,13 @@ fsck_cramfs_LDADD = -lz
 mkfs_cramfs_LDADD = -lz $(top_srcdir)/lib/libmd5.a
 endif
 
+mkswap_LDADD =
+
 if HAVE_UUID
-mkswap_LDADD = -luuid
+mkswap_LDADD += -luuid
+endif
+
+if HAVE_SELINUX
+mkswap_LDADD += -lselinux
 endif
 

diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c
index 1fc18340618164ae3c7b865a35ccd2e35b2406bc..970641010324321b87249d5a961cc53c1a487435 100644 (file)
--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@@ -28,7 +28,7 @@
  *
  * 1999-02-22 Arkadiusz Mi¶kiewicz <misiek@pld.ORG.PL>
  * - added Native Language Support
- * 
+ *
  */
 
 #include <stdio.h>
@@ -40,6 +40,12 @@
 #include <sys/ioctl.h>         /* for _IO */
 #include <sys/utsname.h>
 #include <sys/stat.h>
+#include <errno.h>
+#ifdef HAVE_LIBSELINUX
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#endif
+
 #include "swapheader.h"
 #include "xstrncpy.h"
 #include "nls.h"
@@ -66,6 +72,8 @@ static int version = -1;
 
 #define MAKE_VERSION(p,q,r)    (65536*(p) + 256*(q) + (r))
 
+#define SELINUX_SWAPFILE_TYPE  "swapfile_t"
+
 static int
 linux_version_code(void) {
        struct utsname my_utsname;
@@ -146,9 +154,9 @@ is_sparc64(void) {
  * What to do? Let us allow the user to specify the pagesize explicitly.
  *
  * Update 05-Feb-2007 (kzak):
- *      - use sysconf(_SC_PAGESIZE) to be consistent with the rest of 
- *        util-linux code.  It is the standardized and preferred way of 
- *        querying page size.  
+ *      - use sysconf(_SC_PAGESIZE) to be consistent with the rest of
+ *        util-linux code.  It is the standardized and preferred way of
+ *        querying page size.
  */
 static int user_pagesize;
 static int pagesize;
@@ -285,7 +293,7 @@ write_uuid_and_label(char *uuid, char *volume_name) {
 #elif defined(__sparc__)
 #define V1_MAX_PAGES           (is_sparc64() ? ((3 << 29) - 1) : ((1 << 18) - 1))
 #elif defined(__ia64__)
-/* 
+/*
  * The actual size will depend on the amount of virtual address space
  * available to vmalloc the swap map.
  */
@@ -737,5 +745,39 @@ the -f option to force it.\n"),
        if (fsync(DEV))
                 die(_("fsync failed"));
 #endif
+
+#ifdef HAVE_LIBSELINUX
+       if (S_ISREG(statbuf.st_mode) && is_selinux_enabled()) {
+               security_context_t context_string;
+               security_context_t oldcontext;
+               context_t newcontext;
+
+               if ((fgetfilecon(DEV, &oldcontext) < 0) &&
+                   (errno != ENODATA)) {
+                       fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
+                                       program_name, device_name,
+                                       strerror(errno));
+                       exit(1);
+               }
+               if (!(newcontext = context_new(oldcontext)))
+                       die(_("unable to create new selinux context"));
+               if (context_type_set(newcontext, SELINUX_SWAPFILE_TYPE))
+                       die(_("couldn't compute selinux context"));
+
+               context_string = context_str(newcontext);
+
+               if (strcmp(context_string, oldcontext)!=0) {
+                       if (fsetfilecon(DEV, context_string)) {
+                               fprintf(stderr, _("%s: unable to relabel %s to %s: %s\n"),
+                                               program_name, device_name,
+                                               context_string,
+                                               strerror(errno));
+                               exit(1);
+                       }
+               }
+               context_free(newcontext);
+               freecon(oldcontext);
+       }
+#endif
        return 0;
 }