summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKay Sievers <kay@vrfy.org>2014-01-09 18:55:21 -0500
committerAnthony G. Basile <blueness@gentoo.org>2014-01-09 18:55:21 -0500
commit97b903d94eca5cc6cf17262f91e43227998d3301 (patch)
tree9b82b6a8fb5fd9170f2e92506f3d1c6f3e5a058b
parented55ef29406d173fb838211c31058e7941c09d00 (diff)
udev: add SECLABEL{selinux}= support
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
-rw-r--r--src/udev/label.c12
-rw-r--r--src/udev/label.h2
-rw-r--r--src/udev/udev-node.c6
3 files changed, 18 insertions, 2 deletions
diff --git a/src/udev/label.c b/src/udev/label.c
index 5698020672..dca2a21228 100644
--- a/src/udev/label.c
+++ b/src/udev/label.c
@@ -233,3 +233,15 @@ skipped:
#endif
return mkdir(path, mode) < 0 ? -errno : 0;
}
+
+int label_apply(const char *path, const char *label) {
+ int r = 0;
+
+#ifdef HAVE_SELINUX
+ if (!use_selinux())
+ return 0;
+
+ r = setfilecon(path, (char *)label);
+#endif
+ return r;
+}
diff --git a/src/udev/label.h b/src/udev/label.h
index 3d12ac2a92..a8dbcdc8b7 100644
--- a/src/udev/label.h
+++ b/src/udev/label.h
@@ -34,3 +34,5 @@ int label_context_set(const char *path, mode_t mode);
void label_context_clear(void);
int label_mkdir(const char *path, mode_t mode, bool apply);
+
+int label_apply(const char *path, const char *label);
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index e09c94dedb..76644ccdba 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -306,8 +306,10 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
if (streq(name, "selinux")) {
selinux = true;
- /* FIXME: hook up libselinux */
- log_error("SECLABEL: failed to set selinux label '%s'", label);
+ if (label_apply(devnode, label) < 0)
+ log_error("SECLABEL: failed to set SELinux label '%s'", label);
+ else
+ log_debug("SECLABEL: set SELinux label '%s'", label);
#ifdef HAVE_SMACK
} else if (streq(name, "smack")) {