libsemanage: Set new restorecon handle before doing restorecon

In semanage_setfiles(), need to reset the restorecon handle to make sure restorecon is not operating on old selabel data. This fixes commit d96f27b ("libsemanage: Preserve file context and ownership in policy store") which could cause restorecon to use old data. Reported-by: Petr Lautrbach <[email protected]> Signed-off-by: James Carter <[email protected]> Acked-by: Petr Lautrbach <[email protected]>
SELinuxProject · Jan 28, 2025 · 9d107ab · 9d107ab
1 parent 45fdf23
commit 9d107ab
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
@@ -3012,9 +3012,14 @@ log_callback_mute(__attribute__((unused)) int type, __attribute__((unused)) cons
 void semanage_setfiles(semanage_handle_t * sh, const char *path){
 	struct stat sb;
 	int fd;
+	struct selabel_handle *sehandle;
+
 	union selinux_callback cb_orig = selinux_get_callback(SELINUX_CB_LOG);
 	union selinux_callback cb = { .func_log = log_callback_mute };
 
+	sehandle = selinux_restorecon_default_handle();
+	selinux_restorecon_set_sehandle(sehandle);
+
 	/* Mute all logs */
 	selinux_set_callback(SELINUX_CB_LOG, cb);