From e1a9c6a30820620c482ed597ff6920a549c49bec Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Date: Wed, 26 Aug 2015 12:07:31 +0900
Subject: [PATCH] selinux: fix regression of systemctl subcommands when
 absolute unit file paths are specified

The commit 4938696301a914ec26bcfc60bb99a1e9624e3789 overlooked the
fact that unit files can be specified as unit file paths, not unit
file names, wrongly passing a unit file path to the 1st argument of
manager_load_unit() that handles it as a unit file name. As a result,
the following 4 systemctl subcommands:

    enable
    disable
    reenable
    link
    mask
    unmask

fail with the following error message:

    # systemctl enable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl disable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl reenable /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # cp /usr/lib/systemd/system/kdump.service /tmp/
    # systemctl link /tmp/kdump.service
    Failed to execute operation: Unit name /tmp/kdump.service is not valid.
    # systemctl mask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
    # systemctl unmask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.

To fix the issue, first check whether a unit file is passed as a unit
file name or a unit file path, and then pass the unit file to the
appropreate argument of manager_load_unit().

By the way, even with this commit mask and unmask reject unit file
paths as follows and this is a correct behavior:

    # systemctl mask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Invalid argument
    # systemctl unmask /usr/lib/systemd/system/kdump.service
    Failed to execute operation: Invalid argument

Cherry-picked from: 9fa7c1aeb9ec7e9d9f35184ce5c9d334f057d9de
Related: #1185120
---
 src/core/selinux-access.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 297372d126..6cc0a49b92 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -42,6 +42,7 @@
 #include "selinux-util.h"
 #include "audit-fd.h"
 #include "strv.h"
+#include "path-util.h"
 
 static bool initialized = false;
 
@@ -272,7 +273,10 @@ int mac_selinux_unit_access_check_strv(char **units,
         int r;
 
         STRV_FOREACH(i, units) {
-                r = manager_load_unit(m, *i, NULL, error, &u);
+                if (is_path(*i))
+                        r = manager_load_unit(m, NULL, *i, error, &u);
+                else
+                        r = manager_load_unit(m, *i, NULL, error, &u);
                 if (r < 0)
                         return r;
                 r = mac_selinux_unit_access_check(u, message, permission, error);