From db314328616e2dcaac2e9b22fb947b7408bb4b04 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 14 Dec 2020 16:36:27 +0100
Subject: [PATCH] resolved: create stub-resolv.conf symlink with correct
 security label

Use symlink_atomic_label() instead of symlink_atomic() as the symlink
may need a different label than the parent directory.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
(cherry picked from commit 7b87bece5ded3e8f068df8402901198c069ab5cf)
---
 src/resolve/resolved-resolv-conf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c
index 6fd9959daf..fce5c9b036 100644
--- a/src/resolve/resolved-resolv-conf.c
+++ b/src/resolve/resolved-resolv-conf.c
@@ -10,6 +10,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "label.h"
 #include "ordered-set.h"
 #include "resolved-conf.h"
 #include "resolved-dns-server.h"
@@ -363,7 +364,7 @@ int manager_write_resolv_conf(Manager *m) {
                         r = log_error_errno(errno, "Failed to move new %s into place: %m", PRIVATE_STUB_RESOLV_CONF);
 
         } else {
-                r = symlink_atomic(basename(PRIVATE_UPLINK_RESOLV_CONF), PRIVATE_STUB_RESOLV_CONF);
+                r = symlink_atomic_label(basename(PRIVATE_UPLINK_RESOLV_CONF), PRIVATE_STUB_RESOLV_CONF);
                 if (r < 0)
                         log_error_errno(r, "Failed to symlink %s: %m", PRIVATE_STUB_RESOLV_CONF);
         }
-- 
2.25.1