diff options
author | Kay Sievers <kay@vrfy.org> | 2014-01-09 18:55:21 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-01-09 18:55:21 -0500 |
commit | 97b903d94eca5cc6cf17262f91e43227998d3301 (patch) | |
tree | 9b82b6a8fb5fd9170f2e92506f3d1c6f3e5a058b | |
parent | ed55ef29406d173fb838211c31058e7941c09d00 (diff) |
udev: add SECLABEL{selinux}= support
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
-rw-r--r-- | src/udev/label.c | 12 | ||||
-rw-r--r-- | src/udev/label.h | 2 | ||||
-rw-r--r-- | src/udev/udev-node.c | 6 |
3 files changed, 18 insertions, 2 deletions
diff --git a/src/udev/label.c b/src/udev/label.c index 5698020672..dca2a21228 100644 --- a/src/udev/label.c +++ b/src/udev/label.c @@ -233,3 +233,15 @@ skipped: #endif return mkdir(path, mode) < 0 ? -errno : 0; } + +int label_apply(const char *path, const char *label) { + int r = 0; + +#ifdef HAVE_SELINUX + if (!use_selinux()) + return 0; + + r = setfilecon(path, (char *)label); +#endif + return r; +} diff --git a/src/udev/label.h b/src/udev/label.h index 3d12ac2a92..a8dbcdc8b7 100644 --- a/src/udev/label.h +++ b/src/udev/label.h @@ -34,3 +34,5 @@ int label_context_set(const char *path, mode_t mode); void label_context_clear(void); int label_mkdir(const char *path, mode_t mode, bool apply); + +int label_apply(const char *path, const char *label); diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index e09c94dedb..76644ccdba 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c @@ -306,8 +306,10 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, if (streq(name, "selinux")) { selinux = true; - /* FIXME: hook up libselinux */ - log_error("SECLABEL: failed to set selinux label '%s'", label); + if (label_apply(devnode, label) < 0) + log_error("SECLABEL: failed to set SELinux label '%s'", label); + else + log_debug("SECLABEL: set SELinux label '%s'", label); #ifdef HAVE_SMACK } else if (streq(name, "smack")) { |