[3/3] restorecond: Update to handle new digest scheme

Commit Message

Richard Haines May 22, 2019, 6:47 p.m. UTC

restorecond is coded to always skip digests.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 restorecond/restore.c     | 8 ++++----
 restorecond/restore.h     | 2 +-
 restorecond/restorecond.c | 5 ++---
 3 files changed, 7 insertions(+), 8 deletions(-)

Patch

diff --git a/restorecond/restore.c b/restorecond/restore.c
index f6e3000..26ddec2 100644
--- a/restorecond/restore.c
+++ b/restorecond/restore.c
@@ -21,11 +21,10 @@  void restore_init(struct restore_opts *opts)
 	r_opts = opts;
 	struct selinux_opt selinux_opts[] = {
 		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
+		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path }
 	};
 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2);
 	if (!r_opts->hnd) {
 		perror(r_opts->selabel_opt_path);
 		exit(1);
@@ -38,7 +37,8 @@  void restore_init(struct restore_opts *opts)
 			   r_opts->recurse | r_opts->userealpath |
 			   r_opts->xdev | r_opts->abort_on_error |
 			   r_opts->syslog_changes | r_opts->log_matches |
-			   r_opts->ignore_noent | r_opts->ignore_mounts;
+			   r_opts->ignore_noent | r_opts->ignore_mounts |
+			   r_opts->skip_digest;
 
 	/* Use setfiles, restorecon and restorecond own handles */
 	selinux_restorecon_set_sehandle(r_opts->hnd);
diff --git a/restorecond/restore.h b/restorecond/restore.h
index 97fbdf4..a493031 100644
--- a/restorecond/restore.h
+++ b/restorecond/restore.h
@@ -32,6 +32,7 @@  struct restore_opts {
 	unsigned int set_specctx;
 	unsigned int add_assoc;
 	unsigned int ignore_digest;
+	unsigned int skip_digest;
 	unsigned int recurse;
 	unsigned int userealpath;
 	unsigned int xdev;
@@ -47,7 +48,6 @@  struct restore_opts {
 	struct selabel_handle *hnd;
 	const char *selabel_opt_validate;
 	const char *selabel_opt_path;
-	const char *selabel_opt_digest;
 	int debug;
 	FILE *outfile;
 };
diff --git a/restorecond/restorecond.c b/restorecond/restorecond.c
index d5f70fc..26d2c59 100644
--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -150,12 +150,11 @@  int main(int argc, char **argv)
 
 	watch_file = server_watch_file;
 
-	/* Set all options to zero/NULL except for ignore_noent & digest. */
+	/* Set all options to zero except for ignore_noent & skip_digest */
 	memset(&r_opts, 0, sizeof(r_opts));
 	r_opts.ignore_noent = SELINUX_RESTORECON_IGNORE_NOENTRY;
-	r_opts.ignore_digest = SELINUX_RESTORECON_IGNORE_DIGEST;
+	r_opts.skip_digest = SELINUX_RESTORECON_SKIP_DIGEST;
 
-	/* As r_opts.selabel_opt_digest = NULL, no digest will be requested. */
 	restore_init(&r_opts);
 
 	/* Register sighandlers */