Sanitize SELinux file context initialization.

- do it in a single spot inside tsRun()
- automatically set RPMTRANS_FLAG_NOCONTEXTS if selinux is disabled

diff --git a/lib/rpminstall.c b/lib/rpminstall.c
index a30feb3..327bb20 100644 (file)
--- a/lib/rpminstall.c
+++ b/lib/rpminstall.c
@@ -308,19 +308,6 @@ int rpmInstall(rpmts ts,
     if (rpmExpandNumeric("%{?_repackage_all_erasures}"))
        ia->transFlags |= RPMTRANS_FLAG_REPACKAGE;
 
-    /* Initialize security context patterns (if not already done). */
-    if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-       rpmsx sx = rpmtsREContext(ts);
-       if (sx == NULL) {
-           const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-           if (fn != NULL && *fn != '\0') {
-               sx = rpmsxNew(fn);
-               (void) rpmtsSetREContext(ts, sx);
-           }
-           fn = _free(fn);
-       }
-       sx = rpmsxFree(sx);
-    }
     (void) rpmtsSetFlags(ts, ia->transFlags);
 
     probFilter = ia->probFilter;

diff --git a/lib/transaction.c b/lib/transaction.c
index 41d43e4..6b68ae0 100644 (file)
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -1449,6 +1449,24 @@ int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet)
     if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB)
        (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers));
 
+    /* if SELinux isn't enabled or init fails, don't bother... */
+    if (!rpmtsSELinuxEnabled(ts)) {
+        rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+    }
+
+    if (!rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) {
+        rpmsx sx = rpmtsREContext(ts);
+        if (sx == NULL) {
+            const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
+            if (fn != NULL && *fn != '\0') {
+                sx = rpmsxNew(fn);
+                (void) rpmtsSetREContext(ts, sx);
+            }
+            fn = _free(fn);
+        }
+        sx = rpmsxFree(sx);
+    }
+
     ts->probs = rpmpsFree(ts->probs);
     ts->probs = rpmpsCreate();
 

diff --git a/python/rpmts-py.c b/python/rpmts-py.c
index 5c73faf..d38573d 100644 (file)
--- a/python/rpmts-py.c
+++ b/python/rpmts-py.c
@@ -1186,20 +1186,6 @@ rpmts_Run(rpmtsObject * s, PyObject * args, PyObject * kwds)
        (void) rpmtsSetNotifyCallback(s->ts, rpmtsCallback, (void *) &cbInfo);
     }
 
-    /* Initialize security context patterns (if not already done). */
-    if (!(s->ts->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) {
-       rpmsx sx = rpmtsREContext(s->ts);
-       if (sx == NULL) {
-           const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
-           if (fn != NULL && *fn != '\0') {
-               sx = rpmsxNew(fn);
-               (void) rpmtsSetREContext(s->ts, sx);
-           }
-           fn = _free(fn);
-       }
-       sx = rpmsxFree(sx);
-    } 
-
 if (_rpmts_debug)
 fprintf(stderr, "*** rpmts_Run(%p) ts %p ignore %x\n", s, s->ts, s->ignoreSet);