diff options
author | Lennart Poettering <lennart@poettering.net> | 2011-08-30 18:49:17 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2011-08-30 18:49:41 +0200 |
commit | af65c248040108830a02860a395f44a186f08495 (patch) | |
tree | 0343d5279ad834cf34bd0c2dee32ed3ee9626c04 | |
parent | 149e180ac35564b6c8bf7757301634b31e3d0054 (diff) |
selinux: explicitly relabel /run/initramfs/root-fsck and friends
-rw-r--r-- | src/mount-setup.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/mount-setup.c b/src/mount-setup.c index f70c4d46f3..7c14ea8e55 100644 --- a/src/mount-setup.c +++ b/src/mount-setup.c @@ -347,26 +347,31 @@ static int nftw_cb( if (_unlikely_(ftwbuf->level == 0)) return FTW_CONTINUE; + label_fix(fpath, true); + /* /run/initramfs is static data and big, no need to - * dynamically relabel it at boot... */ + * dynamically relabel its contents at boot... */ if (_unlikely_(ftwbuf->level == 1 && tflag == FTW_D && streq(fpath, "/run/initramfs"))) return FTW_SKIP_SUBTREE; - label_fix(fpath, true); return FTW_CONTINUE; }; int mount_setup(bool loaded_policy) { - const char symlinks[] = + static const char symlinks[] = "/proc/kcore\0" "/dev/core\0" "/proc/self/fd\0" "/dev/fd\0" "/proc/self/fd/0\0" "/dev/stdin\0" "/proc/self/fd/1\0" "/dev/stdout\0" "/proc/self/fd/2\0" "/dev/stderr\0"; + static const char relabel[] = + "/run/initramfs/root-fsck\0" + "/run/initramfs/shutdown\0"; + int r; unsigned i; const char *j, *k; @@ -391,11 +396,14 @@ int mount_setup(bool loaded_policy) { nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL); nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL); + /* Explicitly relabel these */ + NULSTR_FOREACH(j, relabel) + label_fix(j, true); + after_relabel = now(CLOCK_MONOTONIC); log_info("Relabelled /dev and /run in %s.", format_timespan(timespan, sizeof(timespan), after_relabel - before_relabel)); - } /* Create a few default symlinks, which are normally created @@ -405,8 +413,8 @@ int mount_setup(bool loaded_policy) { symlink_and_label(j, k); /* Create a few directories we always want around */ - mkdir("/run/systemd", 0755); - mkdir("/run/systemd/system", 0755); + label_mkdir("/run/systemd", 0755); + label_mkdir("/run/systemd/system", 0755); return 0; } |