In permissive, if a bad label is written to a file_context file, restorecon will not verify the label before succesfully applying the context. These patches fix validation of labels during restorecon while not breaking current behavior of lazy validation.
Yuli Khodorkovskiy (2): libselinux: verify file_contexts when using restorecon libselinux: echo line number of bad label in selabel_fini() libselinux/src/label.c | 4 ++-- libselinux/src/label_file.h | 1 + libselinux/src/label_internal.h | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) -- 2.14.3
