set SELinux context on 'add' but not on 'change' events

author: Kay Sievers <kay.sievers@vrfy.org> 2010-08-31 21:29:21 +0200
committer: Kay Sievers <kay.sievers@vrfy.org> 2010-08-31 21:29:21 +0200
commit: 326c5fc3ea684825629eccaf33a548759162a539 (patch)
tree: 363d3625a2da5e7d903df409d10da68092b3d206 /udev/udev-node.c
parent: 5e267ea5a36de0b2a9a8965ca93dd45bbd6b1a8b (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/udev/udev-node.c b/udev/udev-node.c
index 228b3ebee4..c8113f10b0 100644
--- a/udev/udev-node.c
+++ b/udev/udev-node.c
@@ -56,10 +56,17 @@ int udev_node_mknod(struct udev_device *dev, const char *file, mode_t mode, uid_
 				info(udev, "set permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid);
 				chmod(file, mode);
 				chown(file, uid, gid);
-				udev_selinux_lsetfilecon(udev, file, mode);
 			} else {
 				info(udev, "preserve permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid);
 			}
+			/*
+			 * Set initial selinux file context only on add events.
+			 * We set the proper context on bootup (triger) or for newly
+			 * added devices, but we don't change it later, in case
+			 * something else has set a custom context in the meantime.
+			 */
+			if (strcmp(udev_device_get_action(dev), "add") == 0)
+				udev_selinux_lsetfilecon(udev, file, mode);
 			/* always update timestamp when we re-use the node, like on media change events */
 			utimensat(AT_FDCWD, file, NULL, 0);
 		} else {
author	Kay Sievers <kay.sievers@vrfy.org>	2010-08-31 21:29:21 +0200
committer	Kay Sievers <kay.sievers@vrfy.org>	2010-08-31 21:29:21 +0200
commit	326c5fc3ea684825629eccaf33a548759162a539 (patch)
tree	363d3625a2da5e7d903df409d10da68092b3d206 /udev/udev-node.c
parent	5e267ea5a36de0b2a9a8965ca93dd45bbd6b1a8b (diff)