diff options
| author | Kay Sievers <kay.sievers@vrfy.org> | 2011-04-08 01:03:49 +0200 |
|---|---|---|
| committer | Kay Sievers <kay.sievers@vrfy.org> | 2011-04-08 01:09:20 +0200 |
| commit | 51f43b53293c4cc64c2a55598491c6cbf27b6bd5 (patch) | |
| tree | 01074476de708e0ff18728179f81affd47f8062e /libudev | |
| parent | 5e0ec43fc40e3e6dd0e44a7d617846879e1dac9e (diff) | |
selinux: do not label files in runtime dir
Do not label any files in the udev runtime directory, but only nodes,
links and directories below /dev.
In case the runtime directory falls back to /dev/.udev, label this
directory once at udevd startup, but never anything below it.
Diffstat (limited to 'libudev')
| -rw-r--r-- | libudev/libudev-private.h | 1 | ||||
| -rw-r--r-- | libudev/libudev-queue-private.c | 2 | ||||
| -rw-r--r-- | libudev/libudev-util-private.c | 18 |
3 files changed, 16 insertions, 5 deletions
diff --git a/libudev/libudev-private.h b/libudev/libudev-private.h index 7078b0ff3c..8495f9aaee 100644 --- a/libudev/libudev-private.h +++ b/libudev/libudev-private.h @@ -220,6 +220,7 @@ uint64_t util_string_bloom64(const char *str); /* libudev-util-private.c */ int util_create_path(struct udev *udev, const char *path); +int util_create_path_selinux(struct udev *udev, const char *path); int util_delete_path(struct udev *udev, const char *path); int util_unlink_secure(struct udev *udev, const char *filename); uid_t util_lookup_user(struct udev *udev, const char *user); diff --git a/libudev/libudev-queue-private.c b/libudev/libudev-queue-private.c index a714572361..2f1afecb29 100644 --- a/libudev/libudev-queue-private.c +++ b/libudev/libudev-queue-private.c @@ -409,9 +409,7 @@ static void update_failed(struct udev_queue_export *udev_queue_export, /* record event in the failed directory */ udev_queue_export->failed_count++; util_create_path(udev, filename); - udev_selinux_setfscreatecon(udev, filename, S_IFLNK); symlink(udev_device_get_devpath(udev_device), filename); - udev_selinux_resetfscreatecon(udev); break; case DEVICE_QUEUED: diff --git a/libudev/libudev-util-private.c b/libudev/libudev-util-private.c index 6b68b6a366..19f979eeab 100644 --- a/libudev/libudev-util-private.c +++ b/libudev/libudev-util-private.c @@ -25,7 +25,7 @@ #include "libudev.h" #include "libudev-private.h" -int util_create_path(struct udev *udev, const char *path) +static int create_path(struct udev *udev, const char *path, bool selinux) { char p[UTIL_PATH_SIZE]; char *pos; @@ -55,7 +55,8 @@ int util_create_path(struct udev *udev, const char *path) return err; dbg(udev, "mkdir '%s'\n", p); - udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755); + if (selinux) + udev_selinux_setfscreatecon(udev, p, S_IFDIR|0755); err = mkdir(p, 0755); if (err != 0) { err = -errno; @@ -66,10 +67,21 @@ int util_create_path(struct udev *udev, const char *path) err = -ENOTDIR; } } - udev_selinux_resetfscreatecon(udev); + if (selinux) + udev_selinux_resetfscreatecon(udev); return err; } +int util_create_path(struct udev *udev, const char *path) +{ + return create_path(udev, path, false); +} + +int util_create_path_selinux(struct udev *udev, const char *path) +{ + return create_path(udev, path, true); +} + int util_delete_path(struct udev *udev, const char *path) { char p[UTIL_PATH_SIZE]; |