about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-06-14T09·41+0200
committerEelco Dolstra <edolstra@gmail.com>2017-06-14T09·41+0200
commit88b291ffc4aed550d3136a44580ba5f5d66dd922 (patch)
tree987f8d04786510b36571db5c5f7182bdf9cfe3ff /src
parent177f3996e28967368791ba0e4ec036f3dbbb88d0 (diff)
canonicalisePathMetaData(): Ignore security.selinux attribute
Untested, hopefully fixes #1406.
Diffstat (limited to 'src')
-rw-r--r--src/libstore/local-store.cc8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index ee36428af035..aa985ee53d97 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -421,10 +421,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe
         if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0)
             throw SysError("querying extended attributes of ‘%s’", path);
 
-        for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1)))
+        for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) {
+            /* Ignore SELinux security labels since these cannot be
+               removed even by root. */
+            if (eaName == "security.selinux") continue;
             if (lremovexattr(path.c_str(), eaName.c_str()) == -1)
                 throw SysError("removing extended attribute ‘%s’ from ‘%s’", eaName, path);
-    }
+        }
+     }
 #endif
 
     /* Fail if the file is not owned by the build user.  This prevents