diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-06-14 11:41:03 +0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-06-14 11:41:03 +0200 |
commit | 88b291ffc4aed550d3136a44580ba5f5d66dd922 (patch) | |
tree | 987f8d04786510b36571db5c5f7182bdf9cfe3ff /src | |
parent | 177f3996e28967368791ba0e4ec036f3dbbb88d0 (diff) |
canonicalisePathMetaData(): Ignore security.selinux attribute
Untested, hopefully fixes #1406.
Diffstat (limited to 'src')
-rw-r--r-- | src/libstore/local-store.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index ee36428af..aa985ee53 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -421,10 +421,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0) throw SysError("querying extended attributes of ‘%s’", path); - for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) + for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) { + /* Ignore SELinux security labels since these cannot be + removed even by root. */ + if (eaName == "security.selinux") continue; if (lremovexattr(path.c_str(), eaName.c_str()) == -1) throw SysError("removing extended attribute ‘%s’ from ‘%s’", eaName, path); - } + } + } #endif /* Fail if the file is not owned by the build user. This prevents |