summaryrefslogtreecommitdiff
path: root/udev_selinux.c
AgeCommit message (Collapse)Author
2005-04-26[PATCH] udev selinux fixpebenito@gentoo.org
Here is a fix for the SELinux part of udev. Setfscreatecon() overrides the default labeling behavior of SELinux when creating files, so it should only be used for as short of a time as possible, around the mknod or symlink calls. Without this, the files in udev_db get the wrong label because the fscreatecon is reset after the udev_db file creation instead of before. I'm guessing the Redhat people missed this because they modify udev_db to be one big file instead of a directory of small files (at least that's what I'm told). I created selinux_resetfscreatecon() to reset the fscreatecon asap after the file/node is created. Fixed a memory leak in selinux_init. Getfscreatecon() allocates memory for the context, and the udev code was immediately setting the pointer (security_context_t is actually a typedef'ed char*) to NULL after the call regardless of success/failure. If you're wondering about the case where there's effectively a setfscreatecon(NULL), this is ok, as its used to tell SELinux to do the default labeling behavior. Renamed selinux_restore() to selinux_exit() due to the changed behavior. Fixed a couple of dbg() messages.
2005-04-26[PATCH] selinux: cleanup udev integrationkay.sievers@vrfy.org
Move code into a .c-file instead of big inline functions in a header file. Pass the device name down instead of relying that the node name is equal to the kernel name.
2005-04-26[PATCH] move udev_selinux into extras/selinuxgreg@kroah.com
2005-04-26[PATCH] first cut at standalone udev_selinux program.greg@kroah.com
Will not work, need to finish working on this on a system with selinux installed...
2005-04-26[PATCH] Add initial SELinux support for udevgreg@kroah.com
Based on a patch from Daniel J Walsh <dwalsh@redhat.com>