canonicalisePathMetaData(): Ignore security.selinux attribute

Untested, hopefully fixes #1406.
This commit is contained in:
Eelco Dolstra 2017-06-14 11:41:03 +02:00
parent 177f3996e2
commit 88b291ffc4
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE

View file

@ -421,10 +421,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0) if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0)
throw SysError("querying extended attributes of %s", path); throw SysError("querying extended attributes of %s", path);
for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) {
/* Ignore SELinux security labels since these cannot be
removed even by root. */
if (eaName == "security.selinux") continue;
if (lremovexattr(path.c_str(), eaName.c_str()) == -1) if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
throw SysError("removing extended attribute %s from %s", eaName, path); throw SysError("removing extended attribute %s from %s", eaName, path);
} }
}
#endif #endif
/* Fail if the file is not owned by the build user. This prevents /* Fail if the file is not owned by the build user. This prevents