SELinux: label created symlink instead of node

The current code will label the target of a symlink rather than the link itself. This means that the link does not get it's context set and the target gets the wrong context. Incidentally this affects the labelling of hard disk device nodes and can get in the way of booting. Also get_media() should not be called with devname==NULL.
author: Russell Coker <russell@coker.com.au> 2006-12-05 14:32:44 +0100
committer: Kay Sievers <kay.sievers@vrfy.org> 2006-12-05 14:32:44 +0100
commit: eb8b496e890de4ba347f78f0e7e978117ab2a479 (patch)
tree: 4e3477339719f4a273e9e7552dcc8b2228a11462
parent: 5284454d5f4e7ebe6c7095cf78318020ca9991bf (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/udev_selinux.c b/udev_selinux.c
index b802e1fc6e..a305e24136 100644
--- a/udev_selinux.c
+++ b/udev_selinux.c
@@ -90,10 +90,13 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
 		char *media;
 		int ret = -1;
 
-		media = get_media(devname, mode);
-		if (media) {
-			ret = matchmediacon(media, &scontext);
-			free(media);
+		if(devname)
+		{
+			media = get_media(devname, mode);
+			if (media) {
+				ret = matchmediacon(media, &scontext);
+				free(media);
+			}
 		}
 
 		if (ret < 0)
@@ -102,7 +105,7 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
 				return;
 			} 
 
-		if (setfilecon(file, scontext) < 0)
+		if (lsetfilecon(file, scontext) < 0)
 			err("setfilecon %s failed: %s", file, strerror(errno));
 
 		freecon(scontext);
author	Russell Coker <russell@coker.com.au>	2006-12-05 14:32:44 +0100
committer	Kay Sievers <kay.sievers@vrfy.org>	2006-12-05 14:32:44 +0100
commit	eb8b496e890de4ba347f78f0e7e978117ab2a479 (patch)
tree	4e3477339719f4a273e9e7552dcc8b2228a11462
parent	5284454d5f4e7ebe6c7095cf78318020ca9991bf (diff)