Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10962

Migrate SELinux util from matchpathcon(3) to selabel_lookup(3)

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Duplicate
    • None
    • None
    • None
    • Hide

      No usage of the matchpathcon(3) function.

      Show
      No usage of the matchpathcon(3) function.
    • Night's Watch
    • Needs Assessment

    Description

      Puppet::Util::SElinux uses the deprecated matchpathcon(3) exposed by the C bindings for SELinux.

      This should be changed to instead open a handle with selabel_open, doing the lookup with selabel_lookup then closing the handle with selabel_close.

       

      This has been available since mid 2015 when it was introduced in [1] just need to verify it's included in all new major versions of supported operating systems.

       [1] https://github.com/SELinuxProject/selinux/commit/e7f970ffd1a8dbb26051405719a2288d34e856f6

       

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. PUP-7126 Selinux.matchpathcon is deprecated, use selabel_lookup instead

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Accepted
          relates to

          Bug - A problem which impairs or prevents the functions of the product. PUP-10548 Wrong SELinux contexts on files if puppet installs new rpm with SELinux policy

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Accepted

          Activity

            People

              Unassigned Unassigned
              tobias-urdin Tobias Urdin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support