Age | Commit message | Author |
|
The current code will label the target of a symlink rather than the
link itself. This means that the link does not get its context set
and the target gets the wrong context.
Incidentally this affects the labelling of hard disk device nodes and
can get in the way of booting.
Also get_media() should not be called with devname==NULL.
|
We never used any of the libsysfs convenience features. Here we replace
it completely with 300 lines of code, which are much simpler and a bit
faster cause udev(d) does not open any sysfs file for a simple event which
does not need any parent device information.
Signed-off-by: Kay Sievers <kay.sievers@suse.de>
|
Taken from Red Hat CVS:
udev-075-selinux.patch
|
Here is a fix for the SELinux part of udev.
Setfscreatecon() overrides the default labeling behavior of SELinux when
creating files, so it should only be used for as short of a time as
possible, around the mknod or symlink calls. Without this, the files in
udev_db get the wrong label because the fscreatecon is reset after the
udev_db file creation instead of before. I'm guessing the Red Hat people
missed this because they modify udev_db to be one big file instead of a
directory of small files (at least that's what I'm told). I created
selinux_resetfscreatecon() to reset the fscreatecon asap after the
file/node is created.
Fixed a memory leak in selinux_init. Getfscreatecon() allocates memory
for the context, and the udev code was immediately setting the pointer
(security_context_t is actually a typedef'ed char*) to NULL after the
call regardless of success/failure. If you're wondering about the case
where there's effectively a setfscreatecon(NULL), this is ok, as it's
used to tell SELinux to do the default labeling behavior.
Renamed selinux_restore() to selinux_exit() due to the changed behavior.
Fixed a couple of dbg() messages.
|
Move code into a .c-file instead of big inline functions in a header file.
Pass the device name down instead of relying that the node name is equal
to the kernel name.
|
Will not work, need to finish working on this on a system with selinux installed...
|
Based on a patch from Daniel J Walsh <dwalsh@redhat.com>
|