authorKay Sievers <kay@vrfy.org>2013-10-09 17:31:00 +0200
committerKay Sievers <kay@vrfy.org>2013-10-09 17:31:41 +0200
commit463b5dbb0d10227230468ee3adc3b50fce7d0707 (patch)
tree048fe40e302b9dba74d60372cf336ddb8b01f6af
parent35bffce819222e18dd363027d7a6ad4fc245b05f (diff)
udev: add SECLABEL{selinux}= support
-rw-r--r--src/shared/label.c12
-rw-r--r--src/shared/label.h2
-rw-r--r--src/udev/udev-node.c6
3 files changed, 18 insertions, 2 deletions
diff --git a/src/shared/label.c b/src/shared/label.c
index fde39f2259..5c7cc1c906 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -384,3 +384,15 @@ skipped:
#endif
return bind(fd, addr, addrlen) < 0 ? -errno : 0;
}
+
+int label_apply(const char *path, const char *label) {
+ int r = 0;
+
+#ifdef HAVE_SELINUX
+ if (!use_selinux())
+ return 0;
+
+ r = setfilecon(path, (char *)label);
+#endif
+ return r;
+}
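Review bot: label_apply() passes back setfilecon()'s raw return value, so a failure reaches the caller as -1 rather than a negative errno, unlike label_bind() directly above, which returns `-errno`. Keeping the cause would be `if (setfilecon(path, (char *)label) < 0) r = -errno;`. The function also returns 0 both when use_selinux() is false and when HAVE_SELINUX is not defined, so a caller cannot tell "label applied" from "nothing done". A contract comment such as `/* Returns 0 if the label was set or SELinux is not in use, negative on failure */` would make that explicit. The `(char *)` cast drops const from `label`, presumably only to match the libselinux prototype, which deserves a short comment as well.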
diff --git a/src/shared/label.h b/src/shared/label.h
index 09e15e3c08..b190e69a61 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -46,6 +46,8 @@ void label_retest_selinux(void);
int label_bind(int fd, const struct sockaddr *addr, socklen_t addrlen);
+int label_apply(const char *path, const char *label);
+
int label_write_one_line_file_atomic(const char *fn, const char *line);
int label_write_env_file(const char *fname, char **l);
int label_fopen_temporary(const char *path, FILE **_f, char **_temp_path);
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 74c19539ab..187e24e5b6 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -305,8 +305,10 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
if (streq(name, "selinux")) {
selinux = true;
- /* FIXME: hook up libselinux */
- log_error("SECLABEL: failed to set selinux label '%s'", label);
+ if (label_apply(devnode, label) < 0)
+ log_error("SECLABEL: failed to set SELinux label '%s'", label);
+ else
+ log_debug("SECLABEL: set SELinux label '%s'", label);
#ifdef HAVE_SMACK
} else if (streq(name, "smack")) {
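Review bot: When label_apply() fails, this branch only logs and continues with `selinux = true` already set, so the device node keeps whatever context it had before and the log does not say why the call failed. If code later in node_permissions_apply() (the function starts and ends outside this hunk) uses `selinux` to skip a default relabel, a failed SECLABEL rule would leave the node with an unintended label. Consider setting the flag only on success. Also log the cause, e.g. `log_error("SECLABEL: failed to set SELinux label '%s': %m", label);`, assuming errno is still intact at that point.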