From d2e54fae5ca7a0f71b5ac8b356a589ff0a09ea0a Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Thu, 31 May 2012 12:40:20 +0200 Subject: mkdir: append _label to all mkdir() calls that explicitly set the selinux context --- src/shared/ask-password-api.c | 2 +- src/shared/cgroup-label.c | 2 +- src/shared/install.c | 2 +- src/shared/mkdir.c | 12 ++++++++---- src/shared/mkdir.h | 7 ++++--- src/shared/path-lookup.c | 2 +- src/shared/socket-label.c | 2 +- 7 files changed, 17 insertions(+), 12 deletions(-) (limited to 'src/shared') diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 55be807cf2..4333bfb564 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -324,7 +324,7 @@ int ask_password_agent( sigset_add_many(&mask, SIGINT, SIGTERM, -1); assert_se(sigprocmask(SIG_BLOCK, &mask, &oldmask) == 0); - mkdir_p("/run/systemd/ask-password", 0755); + mkdir_p_label("/run/systemd/ask-password", 0755); u = umask(0022); fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY); diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c index 06e3c16260..beeeec5830 100644 --- a/src/shared/cgroup-label.c +++ b/src/shared/cgroup-label.c @@ -47,7 +47,7 @@ int cg_create(const char *controller, const char *path) { if (r < 0) return r; - r = mkdir_parents(fs, 0755); + r = mkdir_parents_label(fs, 0755); if (r >= 0) { if (mkdir(fs, 0755) >= 0) diff --git a/src/shared/install.c b/src/shared/install.c index 7e4f666952..40b137e437 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1151,7 +1151,7 @@ static int create_symlink( assert(old_path); assert(new_path); - mkdir_parents(new_path, 0755); + mkdir_parents_label(new_path, 0755); if (symlink(old_path, new_path) >= 0) { add_file_change(changes, n_changes, UNIT_FILE_SYMLINK, new_path, old_path); diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c index b102af779d..0eb70f268e 100644 --- a/src/shared/mkdir.c +++ b/src/shared/mkdir.c @@ -31,7 +31,11 @@ #include "util.h" #include "log.h" -int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) { +int mkdir_label(const char *path, mode_t mode) { + return label_mkdir(path, mode); +} + +int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) { struct stat st; if (label_mkdir(path, mode) >= 0) @@ -52,7 +56,7 @@ int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) { return 0; } -int mkdir_parents(const char *path, mode_t mode) { +int mkdir_parents_label(const char *path, mode_t mode) { struct stat st; const char *p, *e; @@ -96,12 +100,12 @@ int mkdir_parents(const char *path, mode_t mode) { } } -int mkdir_p(const char *path, mode_t mode) { +int mkdir_p_label(const char *path, mode_t mode) { int r; /* Like mkdir -p */ - if ((r = mkdir_parents(path, mode)) < 0) + if ((r = mkdir_parents_label(path, mode)) < 0) return r; if (label_mkdir(path, mode) < 0 && errno != EEXIST) diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h index b1477c5f63..1a332bbcf8 100644 --- a/src/shared/mkdir.h +++ b/src/shared/mkdir.h @@ -22,7 +22,8 @@ along with systemd; If not, see . ***/ -int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid); -int mkdir_parents(const char *path, mode_t mode); -int mkdir_p(const char *path, mode_t mode); +int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid); +int mkdir_label(const char *path, mode_t mode); +int mkdir_parents_label(const char *path, mode_t mode); +int mkdir_p_label(const char *path, mode_t mode); #endif diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c index 32ddb38865..a9c3e21d51 100644 --- a/src/shared/path-lookup.c +++ b/src/shared/path-lookup.c @@ -122,7 +122,7 @@ static char** user_dirs( * then filter out this link, if it is actually is * one. */ - mkdir_parents(data_home, 0777); + mkdir_parents_label(data_home, 0777); (void) symlink("../../../.config/systemd/user", data_home); } diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index 5158beeda8..ff212de825 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -106,7 +106,7 @@ int socket_address_listen( mode_t old_mask; /* Create parents */ - mkdir_parents(a->sockaddr.un.sun_path, directory_mode); + mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode); /* Enforce the right access mode for the socket*/ old_mask = umask(~ socket_mode); -- cgit v1.2.3-54-g00ecf