diff options
| author | pebenito@gentoo.org <pebenito@gentoo.org> | 2005-03-08 06:57:25 -0800 |
|---|---|---|
| committer | Greg KH <gregkh@suse.de> | 2005-04-26 23:39:48 -0700 |
| commit | b55e6540260ac3e38d96a0b6c00514a72d5db218 (patch) | |
| tree | e5ccd55a113138047deabf65824c6f8711e175ff /udev_selinux.h | |
| parent | e5f053b5312a0f8d62a2bcff8ddb095052d228bc (diff) | |
[PATCH] udev selinux fix
Here is a fix for the SELinux part of udev.
Setfscreatecon() overrides the default labeling behavior of SELinux when
creating files, so it should only be used for as short of a time as
possible, around the mknod or symlink calls. Without this, the files in
udev_db get the wrong label because the fscreatecon is reset after the
udev_db file creation instead of before. I'm guessing the Redhat people
missed this because they modify udev_db to be one big file instead of a
directory of small files (at least that's what I'm told). I created
selinux_resetfscreatecon() to reset the fscreatecon asap after the
file/node is created.
Fixed a memory leak in selinux_init. Getfscreatecon() allocates memory
for the context, and the udev code was immediately setting the pointer
(security_context_t is actually a typedef'ed char*) to NULL after the
call regardless of success/failure. If you're wondering about the case
where there's effectively a setfscreatecon(NULL), this is ok, as its
used to tell SELinux to do the default labeling behavior.
Renamed selinux_restore() to selinux_exit() due to the changed behavior.
Fixed a couple of dbg() messages.
Diffstat (limited to 'udev_selinux.h')
| -rw-r--r-- | udev_selinux.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/udev_selinux.h b/udev_selinux.h index 132a9a6550..d9dfeffad0 100644 --- a/udev_selinux.h +++ b/udev_selinux.h @@ -24,15 +24,17 @@ extern void selinux_setfilecon(const char *file, const char *devname, unsigned int mode); extern void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode); +extern void selinux_resetfscreatecon(void); extern void selinux_init(void); -extern void selinux_restore(void); +extern void selinux_exit(void); #else static inline void selinux_setfilecon(const char *file, const char *devname, unsigned int mode) {} static inline void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode) {} +static inline void selinux_resetfscreatecon(void) {} static inline void selinux_init(void) {} -static inline void selinux_restore(void) {} +static inline void selinux_exit(void) {} #endif /* USE_SELINUX */ #endif /* _UDEV_USE_SELINUX */ |