diff options
| author | pebenito@gentoo.org <pebenito@gentoo.org> | 2005-03-08 06:57:25 -0800 |
|---|---|---|
| committer | Greg KH <gregkh@suse.de> | 2005-04-26 23:39:48 -0700 |
| commit | b55e6540260ac3e38d96a0b6c00514a72d5db218 (patch) | |
| tree | e5ccd55a113138047deabf65824c6f8711e175ff /udev_add.c | |
| parent | e5f053b5312a0f8d62a2bcff8ddb095052d228bc (diff) | |
[PATCH] udev selinux fix
Here is a fix for the SELinux part of udev.
Setfscreatecon() overrides the default labeling behavior of SELinux when
creating files, so it should only be used for as short of a time as
possible, around the mknod or symlink calls. Without this, the files in
udev_db get the wrong label because the fscreatecon is reset after the
udev_db file creation instead of before. I'm guessing the Redhat people
missed this because they modify udev_db to be one big file instead of a
directory of small files (at least that's what I'm told). I created
selinux_resetfscreatecon() to reset the fscreatecon asap after the
file/node is created.
Fixed a memory leak in selinux_init. Getfscreatecon() allocates memory
for the context, and the udev code was immediately setting the pointer
(security_context_t is actually a typedef'ed char*) to NULL after the
call regardless of success/failure. If you're wondering about the case
where there's effectively a setfscreatecon(NULL), this is ok, as its
used to tell SELinux to do the default labeling behavior.
Renamed selinux_restore() to selinux_exit() due to the changed behavior.
Fixed a couple of dbg() messages.
Diffstat (limited to 'udev_add.c')
| -rw-r--r-- | udev_add.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/udev_add.c b/udev_add.c index eeab1ca174..e5bd042a5c 100644 --- a/udev_add.c +++ b/udev_add.c @@ -83,6 +83,7 @@ create: selinux_setfscreatecon(file, udev->kernel_name, mode); retval = mknod(file, mode, devt); + selinux_resetfscreatecon(); if (retval != 0) { dbg("mknod(%s, %#o, %u, %u) failed with error '%s'", file, mode, major(devt), minor(devt), strerror(errno)); @@ -196,6 +197,7 @@ static int create_node(struct udevice *udev, struct sysfs_class_device *class_de /* create symlink(s) if requested */ foreach_strpart(udev->symlink, " ", pos, len) { + int retval; char linkname[NAME_SIZE]; char linktarget[NAME_SIZE]; @@ -227,9 +229,11 @@ static int create_node(struct udevice *udev, struct sysfs_class_device *class_de dbg("symlink(%s, %s)", linktarget, filename); if (!udev->test_run) { - selinux_setfscreatecon(filename, udev->kernel_name, S_IFLNK); unlink(filename); - if (symlink(linktarget, filename) != 0) + selinux_setfscreatecon(filename, udev->kernel_name, S_IFLNK); + retval = symlink(linktarget, filename); + selinux_resetfscreatecon(); + if (retval != 0) dbg("symlink(%s, %s) failed with error '%s'", linktarget, filename, strerror(errno)); } @@ -326,7 +330,7 @@ int udev_add_device(struct udevice *udev, struct sysfs_class_device *class_dev) } exit: - selinux_restore(); + selinux_exit(); return retval; } |