hostsfile: Copy the SELinux context to the temp file before overwrite (…

…#273)

* hostsfile: Copy the SELinux context to the temp file before overwrite

On SELinux-enabled systems, /etc/hosts has a different type `net_conf_t`
than the other files in /etc, so the temporary file that overwrites it
ends up with the wrong context, resulting in many system services
becoming unable to access the file. To fix this, manually look up the
context /etc/hosts has and copy it to the temporary file before
the rename.

In order to avoid depending on libselinux on systems that don't use it,
this support is gated behind the new "selinux" feature. It *is*
installed and enabled in the Dockerfile, however, in order to ensure
that it still builds.

* Appease clippy

* Add info about selinux feature to README.md

* Remove unused ClientError struct

* Reformatted & repositioned and improved doc about selinux

---------

Co-authored-by: Brian Schwind <[email protected]>
Co-authored-by: Jürgen Botz <[email protected]>

README.md

@@ -226,6 +226,12 @@ Note that you'll be responsible for updating manually.
 
 ## Development
 
+### Cargo build feature for SELinux
+
+If your target system uses SELinux, you will want to enable the 'selinux' feature when building the innernet binary.
+This will ensure that innernet maintains the correct selinux context on the /etc/hosts file when adding hosts.  To do so add ```--features selinux``` to the ```cargo build``` options.
+The `selinux-devel` package will need to be installed for the correct headers.
+
 ### `innernet-server` Build dependencies
 
 - `rustc` / `cargo` (version 1.50.0 or higher)

client/Cargo.toml

@@ -40,6 +40,9 @@ wireguard-control = { path = "../wireguard-control" }
 once_cell = "1.17.1"
 tempfile = "3"
 
+[features]
+selinux = ["hostsfile/selinux"]
+
 [package.metadata.deb]
 assets = [
   ["target/release/innernet", "usr/bin/", "755"],