[lxc-devel] [lxc/master] selinux.c: Simplify label_set

marcosps on Github lxc-bot at linuxcontainers.org
Wed Feb 7 00:25:44 UTC 2018


From e5fce68f498d1bc44a025d224f0d71d4cf7a018e Mon Sep 17 00:00:00 2001
From: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
Date: Tue, 6 Feb 2018 21:59:57 -0200
Subject: [PATCH] selinux.c: Simplify label_set

If there is no label in the argument or in the config, and we can't use
the default, return error.

If we can use the default, later on we compare the label with
"unconfined_t", which is the same as DEFAULT_LABEL.

We can simplify it by checking if there is no label (in argument and in
conf), and return error if we can't use the default, or return 0 if
the default applies. After this change, DEFAULT_LABEL can also be
removed, as it is not used anymore.

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
---
 src/lxc/lsm/selinux.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
index ecdffc36d..3b7476956 100644
--- a/src/lxc/lsm/selinux.c
+++ b/src/lxc/lsm/selinux.c
@@ -31,8 +31,6 @@
 #include "lsm.h"
 #include "conf.h"
 
-#define DEFAULT_LABEL "unconfined_t"
-
 lxc_log_define(lxc_lsm_selinux, lxc);
 
 /*
@@ -76,13 +74,10 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
 {
 	const char *label = inlabel ? inlabel : conf->lsm_se_context;
 	if (!label) {
-		if (use_default)
-			label = DEFAULT_LABEL;
-		else
+		if (!use_default)
 			return -1;
-	}
-	if (!strcmp(label, "unconfined_t"))
 		return 0;
+	}
 
 	if (on_exec) {
 		if (setexeccon_raw((char *)label) < 0) {
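
Review bot: removing the strcmp(label, "unconfined_t") early return in selinux_process_label_set changes behaviour for an explicitly supplied label, not only for the default case. When inlabel or conf->lsm_se_context is "unconfined_t", the old code returned 0 before reaching the on_exec branch; the new code falls through and passes that label to setexeccon_raw(). The commit message presents the change as a pure simplification, so either keep the comparison for the explicit case or say in the message that an explicit "unconfined_t" is now applied like any other label. A one-line comment on the new "return 0" stating that the default means leaving the current context unchanged would also help, since DEFAULT_LABEL no longer documents it.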

