Skip to content

Commit

Permalink
Merge pull request containers#427 from jeckersb/encapsulate-selinux-c…
Browse files Browse the repository at this point in the history
…leanup

Encapsulate selinux guard consumption a bit better
  • Loading branch information
cgwalters authored Mar 25, 2024
2 parents e70142d + d470465 commit 0c250ea
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions lib/src/install.rs
Original file line number Diff line number Diff line change
Expand Up @@ -313,6 +313,15 @@ impl State {
tracing::debug!("Loaded SELinux policy: {csum}");
Ok(Some(r))
}

#[context("Finalizing state")]
pub(crate) fn consume(self) -> Result<()> {
// If we had invoked `setenforce 0`, then let's re-enable it.
if let SELinuxFinalState::Enabled(Some(guard)) = self.selinux_state {
guard.consume()?;
}
Ok(())
}
}

/// Path to initially deployed version information
Expand Down Expand Up @@ -1244,10 +1253,7 @@ pub(crate) async fn install_to_disk(mut opts: InstallToDiskOpts) -> Result<()> {

// At this point, all other threads should be gone.
if let Some(state) = Arc::into_inner(state) {
// If we had invoked `setenforce 0`, then let's re-enable it.
if let SELinuxFinalState::Enabled(Some(guard)) = state.selinux_state {
guard.consume()?;
}
state.consume()?;
} else {
// This shouldn't happen...but we will make it not fatal right now
tracing::warn!("Failed to consume state Arc");
Expand Down

0 comments on commit 0c250ea

Please sign in to comment.