libselinux/utils/selabel_digest: pass BASEONLY only for file backend

Since commit 65c8fd4 ("libselinux: fail selabel_open(3) on invalid option") selabel_open(3) rejects options not supported for the respective backend. Pass SELABEL_OPT_BASEONLY only if the file backend is selected. Reported-by: zgzxx (#427) Fixes: 65c8fd4 ("libselinux: fail selabel_open(3) on invalid option") Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
SELinuxProject · Mar 20, 2024 · fb49789 · fb49789
1 parent 5876aca
commit fb49789
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
@@ -71,8 +71,8 @@ int main(int argc, char **argv)
  struct selabel_handle *hnd;
  struct selinux_opt selabel_option[] = {
  { SELABEL_OPT_PATH, file },
- { SELABEL_OPT_BASEONLY, baseonly },
- { SELABEL_OPT_DIGEST, digest }
+ { SELABEL_OPT_DIGEST, digest },
+ { SELABEL_OPT_BASEONLY, baseonly }
  };
 
  if (argc < 3)
@@ -119,10 +119,10 @@ int main(int argc, char **argv)
  memset(cmd_buf, 0, sizeof(cmd_buf));
 
  selabel_option[0].value = file;
- selabel_option[1].value = baseonly;
- selabel_option[2].value = digest;
+ selabel_option[1].value = digest;
+ selabel_option[2].value = baseonly;
 
- hnd = selabel_open(backend, selabel_option, 3);
+ hnd = selabel_open(backend, selabel_option, backend == SELABEL_CTX_FILE ? 3 : 2);
  if (!hnd) {
  switch (errno) {
  case EOVERFLOW: