diff options
author | Kay Sievers <kay@vrfy.org> | 2013-10-09 17:31:00 +0200 |
---|---|---|
committer | Kay Sievers <kay@vrfy.org> | 2013-10-09 17:31:41 +0200 |
commit | 463b5dbb0d10227230468ee3adc3b50fce7d0707 (patch) | |
tree | 048fe40e302b9dba74d60372cf336ddb8b01f6af | |
parent | 35bffce819222e18dd363027d7a6ad4fc245b05f (diff) |
udev: add SECLABEL{selinux}= support
-rw-r--r-- | src/shared/label.c | 12 | ||||
-rw-r--r-- | src/shared/label.h | 2 | ||||
-rw-r--r-- | src/udev/udev-node.c | 6 |
3 files changed, 18 insertions, 2 deletions
diff --git a/src/shared/label.c b/src/shared/label.c index fde39f2259..5c7cc1c906 100644 --- a/src/shared/label.c +++ b/src/shared/label.c @@ -384,3 +384,15 @@ skipped: #endif return bind(fd, addr, addrlen) < 0 ? -errno : 0; } + +int label_apply(const char *path, const char *label) { + int r = 0; + +#ifdef HAVE_SELINUX + if (!use_selinux()) + return 0; + + r = setfilecon(path, (char *)label); +#endif + return r; +} diff --git a/src/shared/label.h b/src/shared/label.h index 09e15e3c08..b190e69a61 100644 --- a/src/shared/label.h +++ b/src/shared/label.h @@ -46,6 +46,8 @@ void label_retest_selinux(void); int label_bind(int fd, const struct sockaddr *addr, socklen_t addrlen); +int label_apply(const char *path, const char *label); + int label_write_one_line_file_atomic(const char *fn, const char *line); int label_write_env_file(const char *fname, char **l); int label_fopen_temporary(const char *path, FILE **_f, char **_temp_path); diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index 74c19539ab..187e24e5b6 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c @@ -305,8 +305,10 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, if (streq(name, "selinux")) { selinux = true; - /* FIXME: hook up libselinux */ - log_error("SECLABEL: failed to set selinux label '%s'", label); + if (label_apply(devnode, label) < 0) + log_error("SECLABEL: failed to set SELinux label '%s'", label); + else + log_debug("SECLABEL: set SELinux label '%s'", label); #ifdef HAVE_SMACK } else if (streq(name, "smack")) { |