hwdb.d/60-autosuspend-fingerprint-reader.hwdb

@@ -8,7 +8,6 @@
 # Supported by libfprint driver aes1610
 usb:v08FFp1600*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes1660
 usb:v08FFp1660*
@@ -29,19 +28,16 @@ usb:v08FFp168D*
 usb:v08FFp168E*
 usb:v08FFp168F*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes2501
 usb:v08FFp2500*
 usb:v08FFp2580*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes2550
 usb:v08FFp2550*
 usb:v08FFp2810*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes2660
 usb:v08FFp2660*
@@ -63,23 +59,19 @@ usb:v08FFp268E*
 usb:v08FFp268F*
 usb:v08FFp2691*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes3500
 usb:v08FFp5731*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver aes4000
 usb:v5501p08FF*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver egis0570
 usb:v1C7Ap0570*
 usb:v1C7Ap0571*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver elan
 usb:v04F3p0903*
@@ -141,19 +133,15 @@ usb:v04F3p0C4D*
 usb:v04F3p0C4F*
 usb:v04F3p0C63*
 usb:v04F3p0C6E*
-usb:v04F3p0C58*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver elanmoc
 usb:v04F3p0C7E*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver etes603
 usb:v1C7Ap0603*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver goodixmoc
 usb:v27C6p5840*
@@ -161,7 +149,6 @@ usb:v27C6p609C*
 usb:v27C6p60A2*
 usb:v27C6p639C*
 usb:v27C6p63AC*
-usb:v27C6p63BC*
 usb:v27C6p6496*
 usb:v27C6p6584*
 usb:v27C6p658C*
@@ -170,12 +157,10 @@ usb:v27C6p6594*
 usb:v27C6p659C*
 usb:v27C6p6A94*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver nb1010
 usb:v298Dp1010*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver synaptics
 usb:v06CBp00BD*
@@ -187,29 +172,22 @@ usb:v06CBp00C9*
 usb:v06CBp0100*
 usb:v06CBp00F0*
 usb:v06CBp0103*
-usb:v06CBp0123*
-usb:v06CBp0126*
-usb:v06CBp0129*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver upeksonly
 usb:v147Ep2016*
 usb:v147Ep1000*
 usb:v147Ep1001*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver upektc
 usb:v0483p2015*
 usb:v147Ep3001*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver upektc_img
 usb:v147Ep2020*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver uru4000
 usb:v045Ep00BC*
@@ -219,28 +197,23 @@ usb:v05BAp0007*
 usb:v05BAp0008*
 usb:v05BAp000A*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vcom5s
 usb:v061Ap0110*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vfs0050
 usb:v138Ap0050*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vfs101
 usb:v138Ap0001*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vfs301
 usb:v138Ap0005*
 usb:v138Ap0008*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vfs5011
 usb:v138Ap0010*
@@ -249,12 +222,10 @@ usb:v138Ap0015*
 usb:v138Ap0017*
 usb:v138Ap0018*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Supported by libfprint driver vfs7552
 usb:v138Ap0091*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0
 
 # Known unsupported devices
 usb:v04F3p036B*
@@ -277,7 +248,6 @@ usb:v06CBp00C4*
 usb:v06CBp00CB*
 usb:v06CBp00D8*
 usb:v06CBp00DA*
-usb:v06CBp00E7*
 usb:v06CBp00E9*
 usb:v0A5Cp5801*
 usb:v0A5Cp5805*
@@ -286,7 +256,6 @@ usb:v0A5Cp5840*
 usb:v0A5Cp5841*
 usb:v0A5Cp5842*
 usb:v0A5Cp5843*
-usb:v0A5Cp5844*
 usb:v0A5Cp5845*
 usb:v10A5p0007*
 usb:v1188p9545*
@@ -329,4 +298,3 @@ usb:v2808p9338*
 usb:v298Dp2033*
 usb:v3538p0930*
  ID_AUTOSUSPEND=1
- ID_PERSIST=0

hwdb.d/60-autosuspend.hwdb

@@ -24,13 +24,6 @@
 #
 # Allowed properties are:
 #    ID_AUTOSUSPEND=1
-#    ID_PERSIST=0
-#
-# ID_PERSIST=0 allows disabling the kernels USB "persist" feature, which allows
-# the continued use of devices after a power loss (due to suspend). Disable it
-# if the device will loose state without a USB power session and the driver
-# is unable to recover the state when resuming. See
-#   https://www.kernel.org/doc/html/latest/driver-api/usb/persist.html
 
 # Sort by brand, model
 

hwdb.d/70-mouse.hwdb

@@ -523,10 +523,6 @@ mouse:usb:v046dpc016:name:Logitech Optical USB Mouse:*
 mouse:usb:v046dpc01b:name:Logitech USB-PS/2 Optical Mouse:*
  MOUSE_DPI=400@125
 
-# Logitech USB-PS/2 M-BT96A
-mouse:usb:v046dpc03d:name:Logitech USB-PS/2 Optical Mouse:*
- MOUSE_DPI=400@125
-
 # Logitech USB-PS/2 M-BT58
 mouse:usb:v046dpc03e:name:Logitech USB-PS/2 Optical Mouse:*
  MOUSE_DPI=400@125

hwdb.d/parse_hwdb.py

@@ -134,7 +134,6 @@ def property_grammar():
              ('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
              ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
              ('ID_AUTOSUSPEND', Or((Literal('0'), Literal('1')))),
-             ('ID_PERSIST', Or((Literal('0'), Literal('1')))),
              ('ID_INPUT', Or((Literal('0'), Literal('1')))),
              ('ID_INPUT_ACCELEROMETER', Or((Literal('0'), Literal('1')))),
              ('ID_INPUT_JOYSTICK', Or((Literal('0'), Literal('1')))),

man/systemd.netdev.xml

@@ -317,12 +317,11 @@
         <listitem>
           <para>The MAC address to use for the device. For <literal>tun</literal> or <literal>tap</literal>
           devices, setting <varname>MACAddress=</varname> in the [NetDev] section is not
-          supported. Please specify it in the [Link] section of the corresponding
+          supported. Please specify it in [Link] section of the corresponding
           <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-          file. If this option is not set, <literal>bridge</literal> and <literal>vlan</literal> devices
-          inherit the MAC address of the first slave device or the physical interface, respectively. For other
-          kind of netdevs, if this option is not set, then the MAC address is generated based on the interface
-          name and the
+          file. If this option is not set, <literal>vlan</literal> devices inherit the MAC address of the
+          physical interface. For other kind of netdevs, if this option is not set, then MAC address is
+          generated based on the interface name and the
           <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           </para>
         </listitem>

meson.build

@@ -1024,11 +1024,8 @@ else
 endif
 conf.set10('HAVE_APPARMOR', have)
 
-have = get_option('smack') and get_option('smack-run-label') != ''
-conf.set10('HAVE_SMACK_RUN_LABEL', have)
-if have
+conf.set10('HAVE_SMACK_RUN_LABEL', get_option('smack-run-label') != '')
 conf.set_quoted('SMACK_RUN_LABEL', get_option('smack-run-label'))
-endif
 
 want_polkit = get_option('polkit')
 install_polkit = false
@@ -2296,7 +2293,7 @@ if conf.get('ENABLE_PORTABLED') == 1
                 systemd_portabled_sources,
                 include_directories : includes,
                 link_with : [libshared],
-                dependencies : [threads, libselinux],
+                dependencies : [threads],
                 install_rpath : rootlibexecdir,
                 install : true,
                 install_dir : rootlibexecdir)

rules.d/60-autosuspend.rules

@@ -11,8 +11,4 @@ SUBSYSTEM=="i2c", ATTR{name}=="cyapa", \
 ENV{ID_AUTOSUSPEND}=="1", TEST=="power/control", \
   ATTR{power/control}="auto"
 
-# Disable USB persist if hwdb says so.
-ENV{ID_PERSIST}=="0", TEST=="power/persist", \
-  ATTR{power/persist}="0"
-
 LABEL="autosuspend_end"

src/basic/fileio.c

@@ -1434,3 +1434,16 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
                             filename, st->st_mode & 07777);
         return 0;
 }
+
+int rename_and_apply_smack_floor_label(const char *from, const char *to) {
+        int r = 0;
+        if (rename(from, to) < 0)
+                return -errno;
+
+#if HAVE_SMACK_RUN_LABEL
+        r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
+        if (r < 0)
+                return r;
+#endif
+        return r;
+}

src/basic/fileio.h

@@ -124,3 +124,5 @@ static inline int read_nul_string(FILE *f, size_t limit, char **ret) {
 int safe_fgetc(FILE *f, char *ret);
 
 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);
+
+int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);

src/basic/socket-util.c

@@ -921,7 +921,7 @@ int getpeergroups(int fd, gid_t **ret) {
 ssize_t send_one_fd_iov_sa(
                 int transport_fd,
                 int fd,
-                const struct iovec *iov, size_t iovlen,
+                struct iovec *iov, size_t iovlen,
                 const struct sockaddr *sa, socklen_t len,
                 int flags) {
 
@@ -929,7 +929,7 @@ ssize_t send_one_fd_iov_sa(
         struct msghdr mh = {
                 .msg_name = (struct sockaddr*) sa,
                 .msg_namelen = len,
-                .msg_iov = (struct iovec *)iov,
+                .msg_iov = iov,
                 .msg_iovlen = iovlen,
         };
         ssize_t k;

src/basic/socket-util.h

@@ -154,7 +154,7 @@ int getpeergroups(int fd, gid_t **ret);
 ssize_t send_one_fd_iov_sa(
                 int transport_fd,
                 int fd,
-                const struct iovec *iov, size_t iovlen,
+                struct iovec *iov, size_t iovlen,
                 const struct sockaddr *sa, socklen_t len,
                 int flags);
 int send_one_fd_sa(int transport_fd,

src/core/smack-setup.c

@@ -322,7 +322,7 @@ int mac_smack_setup(bool *loaded_policy) {
                 return 0;
         }
 
-#if HAVE_SMACK_RUN_LABEL
+#ifdef SMACK_RUN_LABEL
         r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
         if (r < 0)
                 log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");

src/firstboot/firstboot.c

@@ -32,7 +32,6 @@
 #include "proc-cmdline.h"
 #include "pwquality-util.h"
 #include "random-util.h"
-#include "smack-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "terminal-util.h"

src/portable/portable.c

@@ -28,7 +28,6 @@
 #include "path-lookup.h"
 #include "portable.h"
 #include "process-util.h"
-#include "selinux-util.h"
 #include "set.h"
 #include "signal-util.h"
 #include "socket-util.h"
@@ -79,7 +78,7 @@ static bool unit_match(const char *unit, char **matches) {
         return false;
 }
 
-static PortableMetadata *portable_metadata_new(const char *name, const char *path, const char *selinux_label, int fd) {
+static PortableMetadata *portable_metadata_new(const char *name, const char *path, int fd) {
         PortableMetadata *m;
 
         m = malloc0(offsetof(PortableMetadata, name) + strlen(name) + 1);
@@ -93,15 +92,6 @@ static PortableMetadata *portable_metadata_new(const char *name, const char *pat
                         return mfree(m);
         }
 
-        /* The metadata file might have SELinux labels, we need to carry them and reapply them */
-        if (!isempty(selinux_label)) {
-                m->selinux_label = strdup(selinux_label);
-                if (!m->selinux_label) {
-                        free(m->image_path);
-                        return mfree(m);
-                }
-        }
-
         strcpy(m->name, name);
         m->fd = fd;
 
@@ -115,7 +105,6 @@ PortableMetadata *portable_metadata_unref(PortableMetadata *i) {
         safe_close(i->fd);
         free(i->source);
         free(i->image_path);
-        free(i->selinux_label);
 
         return mfree(i);
 }
@@ -145,23 +134,96 @@ int portable_metadata_hashmap_to_sorted_array(Hashmap *unit_files, PortableMetad
         return 0;
 }
 
-static int send_one_fd_iov_with_data_fd(
+static int send_item(
                 int socket_fd,
-                const struct iovec *iov,
-                size_t iovlen,
+                const char *name,
                 int fd) {
 
+        CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int))) control = {};
+        struct iovec iovec;
+        struct msghdr mh = {
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+                .msg_iov = &iovec,
+                .msg_iovlen = 1,
+        };
+        struct cmsghdr *cmsg;
         _cleanup_close_ int data_fd = -1;
 
-        assert(iov || iovlen == 0);
         assert(socket_fd >= 0);
+        assert(name);
         assert(fd >= 0);
 
         data_fd = copy_data_fd(fd);
         if (data_fd < 0)
                 return data_fd;
 
-        return send_one_fd_iov(socket_fd, data_fd, iov, iovlen, 0);
+        cmsg = CMSG_FIRSTHDR(&mh);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+        memcpy(CMSG_DATA(cmsg), &data_fd, sizeof(int));
+
+        iovec = IOVEC_MAKE_STRING(name);
+
+        if (sendmsg(socket_fd, &mh, MSG_NOSIGNAL) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int recv_item(
+                int socket_fd,
+                char **ret_name,
+                int *ret_fd) {
+
+        CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int))) control;
+        char buffer[PATH_MAX+2];
+        struct iovec iov = IOVEC_INIT(buffer, sizeof(buffer)-1);
+        struct msghdr mh = {
+                .msg_control = &control,
+                .msg_controllen = sizeof(control),
+                .msg_iov = &iov,
+                .msg_iovlen = 1,
+        };
+        struct cmsghdr *cmsg;
+        _cleanup_close_ int found_fd = -1;
+        char *copy;
+        ssize_t n;
+
+        assert(socket_fd >= 0);
+        assert(ret_name);
+        assert(ret_fd);
+
+        n = recvmsg_safe(socket_fd, &mh, MSG_CMSG_CLOEXEC);
+        if (n < 0)
+                return (int) n;
+
+        CMSG_FOREACH(cmsg, &mh) {
+                if (cmsg->cmsg_level == SOL_SOCKET &&
+                    cmsg->cmsg_type == SCM_RIGHTS) {
+
+                        if (cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
+                                assert(found_fd < 0);
+                                found_fd = *(int*) CMSG_DATA(cmsg);
+                                break;
+                        }
+
+                        cmsg_close_all(&mh);
+                        return -EIO;
+                }
+        }
+
+        buffer[n] = 0;
+
+        copy = strdup(buffer);
+        if (!copy)
+                return -ENOMEM;
+
+        *ret_name = copy;
+        *ret_fd = TAKE_FD(found_fd);
+
+        return 0;
 }
 
 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops, char, string_hash_func, string_compare_func,
@@ -210,18 +272,13 @@ static int extract_now(
                                 path_is_extension ? "extension-release " : "os-release");
         else {
                 if (socket_fd >= 0) {
-                        struct iovec iov[] = {
-                                IOVEC_MAKE_STRING(os_release_id),
-                                IOVEC_MAKE((char *)"\0", sizeof(char)),
-                        };
-
-                        r = send_one_fd_iov_with_data_fd(socket_fd, iov, ELEMENTSOF(iov), os_release_fd);
+                        r = send_item(socket_fd, os_release_id, os_release_fd);
                         if (r < 0)
                                 return log_debug_errno(r, "Failed to send os-release file: %m");
                 }
 
                 if (ret_os_release) {
-                        os_release = portable_metadata_new(os_release_id, NULL, NULL, os_release_fd);
+                        os_release = portable_metadata_new(os_release_id, NULL, os_release_fd);
                         if (!os_release)
                                 return -ENOMEM;
 
@@ -276,27 +333,12 @@ static int extract_now(
                         }
 
                         if (socket_fd >= 0) {
-                                _cleanup_(mac_selinux_freep) char *con = NULL;
-#if HAVE_SELINUX
-                                /* The units will be copied on the host's filesystem, so if they had a SELinux label
-                                 * we have to preserve it. Copy it out so that it can be applied later. */
-
-                                r = fgetfilecon_raw(fd, &con);
-                                if (r < 0 && errno != ENODATA)
-                                        log_debug_errno(errno, "Failed to get SELinux file context from '%s', ignoring: %m", de->d_name);
-#endif
-                                struct iovec iov[] = {
-                                        IOVEC_MAKE_STRING(de->d_name),
-                                        IOVEC_MAKE((char *)"\0", sizeof(char)),
-                                        IOVEC_MAKE_STRING(strempty(con)),
-                                };
-
-                                r = send_one_fd_iov_with_data_fd(socket_fd, iov, ELEMENTSOF(iov), fd);
+                                r = send_item(socket_fd, de->d_name, fd);
                                 if (r < 0)
                                         return log_debug_errno(r, "Failed to send unit metadata to parent: %m");
                         }
 
-                        m = portable_metadata_new(de->d_name, NULL, NULL, fd);
+                        m = portable_metadata_new(de->d_name, NULL, fd);
                         if (!m)
                                 return -ENOMEM;
                         fd = -1;
@@ -423,37 +465,23 @@ static int portable_extract_by_path(
 
                 for (;;) {
                         _cleanup_(portable_metadata_unrefp) PortableMetadata *add = NULL;
+                        _cleanup_free_ char *name = NULL;
                         _cleanup_close_ int fd = -1;
-                        /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but
-                         * according to suggestions from the SELinux people this will change and it will probably be
-                         * identical to NAME_MAX. For now we use that, but this should be updated one day when the final
-                         * limit is known. */
-                        char iov_buffer[PATH_MAX + NAME_MAX + 2];
-                        struct iovec iov = IOVEC_INIT(iov_buffer, sizeof(iov_buffer));
 
-                        ssize_t n = receive_one_fd_iov(seq[0], &iov, 1, 0, &fd);
-                        if (n == -EIO)
-                                break;
-                        if (n < 0)
-                                return log_debug_errno(n, "Failed to receive item: %m");
-                        iov_buffer[n] = 0;
+                        r = recv_item(seq[0], &name, &fd);
+                        if (r < 0)
+                                return log_debug_errno(r, "Failed to receive item: %m");
 
                         /* We can't really distinguish a zero-length datagram without any fds from EOF (both are signalled the
                          * same way by recvmsg()). Hence, accept either as end notification. */
-                        if (isempty(iov_buffer) && fd < 0)
+                        if (isempty(name) && fd < 0)
                                 break;
 
-                        if (isempty(iov_buffer) || fd < 0)
+                        if (isempty(name) || fd < 0)
                                 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
                                                        "Invalid item sent from child.");
 
-                        /* Given recvmsg cannot be used with multiple io vectors if you don't know the size in advance,
-                         * use a marker to separate the name and the optional SELinux context. */
-                        char *selinux_label = memchr(iov_buffer, 0, n);
-                        assert(selinux_label);
-                        selinux_label++;
-
-                        add = portable_metadata_new(iov_buffer, path, selinux_label, fd);
+                        add = portable_metadata_new(name, path, fd);
                         if (!add)
                                 return -ENOMEM;
                         fd = -1;
@@ -1098,10 +1126,7 @@ static int attach_unit_file(
                 _cleanup_(unlink_and_freep) char *tmp = NULL;
                 _cleanup_close_ int fd = -1;
 
-                (void) mac_selinux_create_file_prepare_label(path, m->selinux_label);
-
                 fd = open_tmpfile_linkable(path, O_WRONLY|O_CLOEXEC, &tmp);
-                mac_selinux_create_file_clear(); /* Clear immediately in case of errors */
                 if (fd < 0)
                         return log_debug_errno(fd, "Failed to create unit file '%s': %m", path);
 

src/portable/portable.h

@@ -12,7 +12,6 @@ typedef struct PortableMetadata {
         int fd;
         char *source;
         char *image_path;
-        char *selinux_label;
         char name[];
 } PortableMetadata;
 

src/shared/mount-setup.c

@@ -278,7 +278,7 @@ static int symlink_controller(const char *target, const char *alias) {
         if (r < 0)
                 return log_error_errno(r, "Failed to create symlink %s: %m", a);
 
-#if HAVE_SMACK_RUN_LABEL
+#ifdef SMACK_RUN_LABEL
         const char *p;
 
         p = strjoina("/sys/fs/cgroup/", target);

src/shared/selinux-util.c

@@ -562,21 +562,6 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
 #endif
 }
 
-int mac_selinux_create_file_prepare_label(const char *path, const char *label) {
-#if HAVE_SELINUX
-
-        if (!label)
-                return 0;
-
-        if (!mac_selinux_use())
-                return 0;
-
-        if (setfscreatecon_raw(label) < 0)
-                return log_enforcing_errno(errno, "Failed to set specified SELinux security context '%s' for '%s': %m", label, strna(path));
-#endif
-        return 0;
-}
-
 void mac_selinux_create_file_clear(void) {
 
 #if HAVE_SELINUX

src/shared/selinux-util.h

@@ -43,7 +43,6 @@ char* mac_selinux_free(char *label);
 
 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
 int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode);
-int mac_selinux_create_file_prepare_label(const char *path, const char *label);
 void mac_selinux_create_file_clear(void);
 
 int mac_selinux_create_socket_prepare(const char *label);

src/shared/smack-util.c

@@ -284,16 +284,3 @@ int mac_smack_copy(const char *dest, const char *src) {
         return 0;
 }
 #endif
-
-int rename_and_apply_smack_floor_label(const char *from, const char *to) {
-        int r = 0;
-        if (rename(from, to) < 0)
-                return -errno;
-
-#if HAVE_SMACK_RUN_LABEL
-        r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
-        if (r < 0)
-                return r;
-#endif
-        return r;
-}

src/shared/smack-util.h

@@ -44,5 +44,3 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label);
 int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
 int mac_smack_apply_pid(pid_t pid, const char *label);
 int mac_smack_copy(const char *dest, const char *src);
-
-int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);

test/test-functions

@@ -190,7 +190,6 @@ BASICTOOLS=(
     umount
     uname
     unshare
-    wc
     xargs
     xzcat
 )
@@ -1551,7 +1550,7 @@ install_basic_tools() {
 
 install_debug_tools() {
     dinfo "Install debug tools"
-    image_install -o "${DEBUGTOOLS[@]}"
+    image_install "${DEBUGTOOLS[@]}"
 
     if get_bool "$INTERACTIVE_DEBUG"; then
         # Set default TERM from vt220 to linux, so at least basic key shortcuts work