selinux: do not label files in runtime dir

Do not label any files in the udev runtime directory, but only nodes,
links and directories below /dev.

In case the runtime directory falls back to /dev/.udev, label this
directory once at udevd startup, but never anything below it.

1 files changed, 15 insertions, 3 deletions

diff --git a/libudev/libudev-util-private.c b/libudev/libudev-util-private.c
index 6b68b6a366..19f979eeab 100644
--- a/libudev/libudev-util-private.c
+++ b/libudev/libudev-util-private.c
@@ -25,7 +25,7 @@
 #include "libudev.h"
 #include "libudev-private.h"
 
-int util_create_path(struct udev *udev, const char *path)
+static int create_path(struct udev *udev, const char *path, bool selinux)
 {
 	char p[UTIL_PATH_SIZE];
 	char *pos;
@@ -55,7 +55,8 @@ int util_create_path(struct udev *udev, const char *path)
 		return err;
 
 	dbg(udev, "mkdir '%s'\n", p);
-	udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755);
+	if (selinux)
+		udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755);
 	err = mkdir(p, 0755);
 	if (err != 0) {
 		err = -errno;
@@ -66,10 +67,21 @@ int util_create_path(struct udev *udev, const char *path)
 				err = -ENOTDIR;
 		}
 	}
-	udev_selinux_resetfscreatecon(udev);
+	if (selinux)
+		udev_selinux_resetfscreatecon(udev);
 	return err;
 }
 
+int util_create_path(struct udev *udev, const char *path)
+{
+	return create_path(udev, path, false);
+}
+
+int util_create_path_selinux(struct udev *udev, const char *path)
+{
+	return create_path(udev, path, true);
+}
+
 int util_delete_path(struct udev *udev, const char *path)
 {
 	char p[UTIL_PATH_SIZE];