>From 1289bb62d6138e80884fd87b3ede48c4a2a2c518 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?=
Date: Sun, 22 Nov 2020 17:46:52 +0000
Subject: [PATCH] maint: use absolute paths with selabel_lookup
* src/selinux.c: selabel_lookup requires absolute paths (while only older matchpathcon before libselinux < 2.1.5 2011-0826 did).
* po/POTFILES.in: Readd src/selinux.c since we now have a translatable error message.
---
 po/POTFILES.in | 1 +
 src/selinux.c | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 5ccc0e9a9..074322393 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -109,6 +109,7 @@ src/remove.c
 src/rm.c
 src/rmdir.c
 src/runcon.c
+src/selinux.c
 src/seq.c
 src/set-fields.c
 src/shred.c
diff --git a/src/selinux.c b/src/selinux.c
index 10fa9d8c6..50efb0aec 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -21,7 +21,9 @@
 #include
 #include
+#include "die.h"
 #include "system.h"
+#include "canonicalize.h"
 #include "xfts.h"
 #include "selinux.h"
@@ -113,6 +115,16 @@ defaultcon (struct selabel_handle *selabel_handle,
 context_t scontext = 0, tcontext = 0;
 const char *contype;
 char *constr;
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
 if (selabel_lookup (selabel_handle, &scon, path, mode) < 0)
 {
@@ -120,7 +132,7 @@ defaultcon (struct selabel_handle *selabel_handle,
 when processing files, when in fact it was the associated default context that was not found. Therefore map the error to something more appropriate
- to the context in which we're using matchpathcon(). */
+ to the context in which we're using selabel_lookup(). */
 if (errno == ENOENT) errno = ENODATA;
 goto quit;
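Review bot: In the defaultcon hunk (`@@ -113,6 +115,16 @@`), a failed `canonicalize_filename_mode` now ends the process through `die`, while the other failure visible in this function is reported to the caller through `goto quit` and `rc`; the restorecon hunk repeats the same pattern. A caller that treats a labelling failure as non-fatal loses that choice for relative names. If `rc` still holds the failure value at this point (its declaration is outside the hunk), `if (! newpath) goto quit;` would keep the errno set by the canonicalizer and preserve the return contract; in restorecon the equivalent is `if (! newpath) return false;`. The duplicated canonicalization block would also read better as one static helper shared by both functions.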
@@ -146,6 +158,7 @@ quit:
 context_free (tcontext);
 freecon (scon);
 freecon (tcon);
+ free (newpath);
 return rc;
 }
@@ -269,8 +282,23 @@ bool
 restorecon (struct selabel_handle *selabel_handle,
 char const *path, bool recurse)
 {
+ char *newpath = NULL;
+
+ if (! IS_ABSOLUTE_FILE_NAME (path))
+ {
+ newpath = canonicalize_filename_mode (path, CAN_MISSING);
+ if (! newpath)
+ die (EXIT_FAILURE, errno, _("error canonicalizing %s"),
+ quoteaf (path));
+ path = newpath;
+ }
+
 if (! recurse)
- return restorecon_private (selabel_handle, path) == 0;
+ {
+ bool ok = restorecon_private (selabel_handle, path) != -1;
+ free (newpath);
+ return ok;
+ }
 char const *ftspath[2] = { path, NULL };
 FTS *fts = xfts_open ((char *const *) ftspath, FTS_PHYSICAL, NULL);
@@ -286,6 +314,7 @@ restorecon (struct selabel_handle *selabel_handle,
 if (fts_close (fts) != 0) err = errno;
+ free (newpath);
 return !err;
 }
 #endif
--
2.26.2
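Review bot: In the restorecon hunk (`@@ -269,8 +282,23 @@`), `canonicalize_filename_mode (path, CAN_MISSING)` resolves symbolic links, including a final one, so a relative operand that names a symlink is handled at its resolved target, whereas an absolute operand is passed through unresolved and the traversal below is opened with `FTS_PHYSICAL`. If the intent is only to make the name absolute for selabel_lookup, `canonicalize_filename_mode (path, CAN_MISSING | CAN_NOLINKS)` would keep the link itself as the object being relabelled; otherwise a comment such as `/* Relative operands are resolved through symlinks on purpose. */` would record the decision. The non-recursive branch also changes the success test from `== 0` to `!= -1`, which the commit message does not mention; restorecon_private lies outside this hunk, so it is worth confirming what a positive return would mean before treating it as success.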