From 8d9cbd809db492df9d94c0c664bd0d2e53416531 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Fri, 10 Jul 2020 21:48:02 +0200
Subject: [PATCH] selinux: create standard user-runtime nodes with default context
Currently systemd-user-runtime-dir does not create the files in /run/user/$UID/systemd/inaccessible with the default SELinux label. The user and role part of these labels should be based on the user related to $UID and not based on the process context of systemd-user-runtime-dir. Since v246-rc1 (9664be199af6) /run/user/$UID/systemd is also created by systemd-user-runtime-dir and should also be created with the default SELinux context.
---
 src/shared/dev-setup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c
index 6a280cde01..7641909c1b 100644
--- a/src/shared/dev-setup.c
+++ b/src/shared/dev-setup.c
@@ -103,9 +103,9 @@ int make_inaccessible_nodes(
 return log_oom();
 if (S_ISDIR(table[i].mode))
- r = mkdir(path, table[i].mode & 07777);
+ r = mkdir_label(path, table[i].mode & 07777);
 else
- r = mknod(path, table[i].mode, makedev(0, 0));
+ r = mknod_label(path, table[i].mode, makedev(0, 0));
 if (r < 0) {
 if (errno != EEXIST)
 log_debug_errno(errno, "Failed to create '%s', ignoring: %m", path);
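Review bot: The error branch right after the two new calls still tests and logs the global `errno`, which is only dependable for the raw mkdir()/mknod() calls being replaced. If mkdir_label() and mknod_label() follow the usual systemd convention of returning a negative errno-style code (their definitions are not in this hunk, so this is inferred), a failure in the labelling step can leave `errno` stale. A leftover EEXIST would then silently hide a real labelling failure, or the wrong error would be logged for a node that ended up without the intended SELinux context. Use the return value instead: `if (r != -EEXIST)` and `log_debug_errno(r, "Failed to create '%s', ignoring: %m", path);`. make_inaccessible_nodes() starts before and continues after this hunk.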