If chcon fails, check if label is already correct

Currently if a user attempts to chcon a file or directory and fails for
any reason check if the file already has the right label, and continue.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

go-selinux/rchcon.go

@@ -12,7 +12,20 @@ import (
 )
 
 func rchcon(fpath, label string) error {
+	slowMode := false
+	// If the current label matches the new label, assume
+	// other labels are correct.
+	if currentLabel, err := lFileLabel(fpath); err == nil &&
+		label == currentLabel {
+		slowMode = true
+	}
 	return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
+		if slowMode {
+			if currentLabel, err := lFileLabel(p); err == nil &&
+				label == currentLabel {
+				return nil
+			}
+		}
 		e := lSetFileLabel(p, label)
 		// Walk a file tree can race with removal, so ignore ENOENT.
 		if errors.Is(e, os.ErrNotExist) {

go-selinux/selinux_linux.go

@@ -1102,7 +1102,18 @@ func chcon(fpath string, label string, recurse bool) error {
 	}
 
 	if !recurse {
-		return setFileLabel(fpath, label)
+		err := lSetFileLabel(fpath, label)
+		if err == nil {
+			return nil
+		}
+		if errors.Is(err, os.ErrNotExist) {
+			return err
+		}
+		flabel, _ := lFileLabel(fpath)
+		if flabel == label {
+			return nil
+		}
+		return err
 	}
 
 	return rchcon(fpath, label)

go.mod

@@ -1,5 +1,5 @@
 module github.com/opencontainers/selinux
 
-go 1.13
+go 1.18
 
-require golang.org/x/sys v0.0.0-20191115151921-52ab43148777
+require golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a

go.sum

@@ -1,2 +1,2 @@
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777 h1:wejkGHRTr38uaKRqECZlsCsJ1/TGxIyFbH32x5zUdu4=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=