label: fix systemd-udev labeling of /run directory.
systemd-udev currently labels /run/udev/* incorrectly because label_init() restricts the SELinux file-context lookup to the /dev prefix only. This patch lets systemd-udev use prefix labeling for both /dev and /run.
This commit is contained in:
parent
96ceff5645
commit
9b5af248f0
|
@ -52,7 +52,7 @@ void label_retest_selinux(void) {
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int label_init(const char *prefix) {
|
int label_init(const char *prefixes[]) {
|
||||||
int r = 0;
|
int r = 0;
|
||||||
|
|
||||||
#ifdef HAVE_SELINUX
|
#ifdef HAVE_SELINUX
|
||||||
|
@ -68,9 +68,9 @@ int label_init(const char *prefix) {
|
||||||
before_mallinfo = mallinfo();
|
before_mallinfo = mallinfo();
|
||||||
before_timestamp = now(CLOCK_MONOTONIC);
|
before_timestamp = now(CLOCK_MONOTONIC);
|
||||||
|
|
||||||
if (prefix) {
|
if (prefixes) {
|
||||||
struct selinux_opt options[] = {
|
struct selinux_opt options[] = {
|
||||||
{ .type = SELABEL_OPT_SUBSET, .value = prefix },
|
{ .type = SELABEL_OPT_SUBSET, .values = prefixes },
|
||||||
};
|
};
|
||||||
|
|
||||||
label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
|
label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
|
||||||
|
|
|
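Review bot: The new initializer `{ .type = SELABEL_OPT_SUBSET, .values = prefixes }` relies on `struct selinux_opt` having a `values` member; in the libselinux headers I am aware of the struct carries only `type` and a single `const char *value`, so this hunk will not compile unless it is paired with a matching libselinux change. If that dependency is intended, the build should gate on it (a configure check for `struct selinux_opt.values`, or a documented minimum libselinux version) instead of failing on every system with the older header. Since `selabel_open()` receives no element count, the array's termination should be stated at the call: `/* prefixes: NULL-terminated list of path prefixes the lookup is restricted to */`. label_init()'s body, including whatever happens when `selabel_open()` returns NULL, continues outside the hunk.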
@ -26,7 +26,7 @@
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
|
|
||||||
int label_init(const char *prefix);
|
int label_init(const char *prefixes[]);
|
||||||
void label_finish(void);
|
void label_finish(void);
|
||||||
|
|
||||||
int label_fix(const char *path, bool ignore_enoent);
|
int label_fix(const char *path, bool ignore_enoent);
|
||||||
|
|
|
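Review bot: The new prototype `int label_init(const char *prefixes[]);` turns the argument into an array but does not say how the array is terminated or whether NULL is still accepted; the label.c hunk guards with `if (prefixes)`, so NULL appears to mean "no subset", and the callers pass a NULL-terminated list. A one-line comment above the prototype would pin that contract: `/* prefixes: NULL-terminated list of path prefixes to restrict SELinux file-context lookups to, or NULL for no restriction */`. Whether libselinux keeps the string pointers beyond the call, which matters because every caller passes a stack array, is not visible here and is worth confirming and noting alongside the return-value semantics.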
@ -45,12 +45,13 @@ int main(int argc, char *argv[])
|
||||||
const char *action;
|
const char *action;
|
||||||
sigset_t mask, sigmask_orig;
|
sigset_t mask, sigmask_orig;
|
||||||
int err = -EINVAL;
|
int err = -EINVAL;
|
||||||
|
const char *prefixes[] = { "/dev", "/run", NULL };
|
||||||
|
|
||||||
udev = udev_new();
|
udev = udev_new();
|
||||||
if (udev == NULL)
|
if (udev == NULL)
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
log_debug("version %s\n", VERSION);
|
log_debug("version %s\n", VERSION);
|
||||||
label_init("/dev");
|
label_init(prefixes);
|
||||||
|
|
||||||
sigprocmask(SIG_SETMASK, NULL, &sigmask_orig);
|
sigprocmask(SIG_SETMASK, NULL, &sigmask_orig);
|
||||||
|
|
||||||
|
|
|
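Review bot: The table `const char *prefixes[] = { "/dev", "/run", NULL };` added here is spelled out identically in three separate main() functions (this file, udevadm and udevd), so a future change such as adding a further prefix has to be made in three places to keep the tools labeling consistently. A single shared definition would remove that drift risk, e.g. a `static const char *udev_label_prefixes[]` exported from one place or a `label_init_udev(void)` wrapper that passes the fixed list. The array can at least be `static` here since its contents never change. The enclosing main() continues outside the hunk.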
@ -91,6 +91,7 @@ int main(int argc, char *argv[])
|
||||||
{ "version", no_argument, NULL, 'V' },
|
{ "version", no_argument, NULL, 'V' },
|
||||||
{}
|
{}
|
||||||
};
|
};
|
||||||
|
const char *prefixes[] = { "/dev", "/run", NULL };
|
||||||
const char *command;
|
const char *command;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
int rc = 1;
|
int rc = 1;
|
||||||
|
@ -102,7 +103,8 @@ int main(int argc, char *argv[])
|
||||||
log_open();
|
log_open();
|
||||||
log_parse_environment();
|
log_parse_environment();
|
||||||
udev_set_log_fn(udev, udev_main_log);
|
udev_set_log_fn(udev, udev_main_log);
|
||||||
label_init("/dev");
|
|
||||||
|
label_init(prefixes);
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
int option;
|
int option;
|
||||||
|
|
|
@ -1030,6 +1030,7 @@ int main(int argc, char *argv[])
|
||||||
int fd_ctrl = -1;
|
int fd_ctrl = -1;
|
||||||
int fd_netlink = -1;
|
int fd_netlink = -1;
|
||||||
int fd_worker = -1;
|
int fd_worker = -1;
|
||||||
|
const char *prefixes[] = { "/dev", "/run", NULL };
|
||||||
struct epoll_event ep_ctrl, ep_inotify, ep_signal, ep_netlink, ep_worker;
|
struct epoll_event ep_ctrl, ep_inotify, ep_signal, ep_netlink, ep_worker;
|
||||||
struct udev_ctrl_connection *ctrl_conn = NULL;
|
struct udev_ctrl_connection *ctrl_conn = NULL;
|
||||||
int rc = 1;
|
int rc = 1;
|
||||||
|
@ -1042,7 +1043,7 @@ int main(int argc, char *argv[])
|
||||||
log_parse_environment();
|
log_parse_environment();
|
||||||
udev_set_log_fn(udev, udev_main_log);
|
udev_set_log_fn(udev, udev_main_log);
|
||||||
log_debug("version %s\n", VERSION);
|
log_debug("version %s\n", VERSION);
|
||||||
label_init("/dev");
|
label_init(prefixes);
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
int option;
|
int option;
|
||||||
|
|
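Review bot: `label_init(prefixes);` at the end of the hunk still discards the function's int result (label.c shows it tracks `int r = 0;`), exactly as the old `label_init("/dev")` did, so a failed `selabel_open()` leaves udevd running without a labeling handle and nothing in the log says so. For the daemon that creates the /dev and /run/udev nodes this is presumably the case where mislabeled files matter most, so logging the failure would be cheap: `if (label_init(prefixes) < 0) log_error("failed to initialize SELinux labeling\n");` (assuming the function returns a negative value on error, which the visible hunk does not confirm). The enclosing main() starts and ends outside the hunk.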