b55e654026
Here is a fix for the SELinux part of udev. Setfscreatecon() overrides the default labeling behavior of SELinux when creating files, so it should only be used for as short of a time as possible, around the mknod or symlink calls. Without this, the files in udev_db get the wrong label because the fscreatecon is reset after the udev_db file creation instead of before. I'm guessing the Redhat people missed this because they modify udev_db to be one big file instead of a directory of small files (at least that's what I'm told). I created selinux_resetfscreatecon() to reset the fscreatecon asap after the file/node is created. Fixed a memory leak in selinux_init. Getfscreatecon() allocates memory for the context, and the udev code was immediately setting the pointer (security_context_t is actually a typedef'ed char*) to NULL after the call regardless of success/failure. If you're wondering about the case where there's effectively a setfscreatecon(NULL), this is ok, as its used to tell SELinux to do the default labeling behavior. Renamed selinux_restore() to selinux_exit() due to the changed behavior. Fixed a couple of dbg() messages.
41 lines
1.4 KiB
C
41 lines
1.4 KiB
C
/*
|
|
* udev_selinux.h
|
|
*
|
|
* Copyright (C) 2004 Daniel Walsh
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation version 2 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*
|
|
*/
|
|
#ifndef _UDEV_SELINUX_H
|
|
#define _UDEV_SELINUX_H
|
|
|
|
#ifdef USE_SELINUX
|
|
|
|
extern void selinux_setfilecon(const char *file, const char *devname, unsigned int mode);
|
|
extern void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode);
|
|
extern void selinux_resetfscreatecon(void);
|
|
extern void selinux_init(void);
|
|
extern void selinux_exit(void);
|
|
|
|
#else
|
|
|
|
static inline void selinux_setfilecon(const char *file, const char *devname, unsigned int mode) {}
|
|
static inline void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode) {}
|
|
static inline void selinux_resetfscreatecon(void) {}
|
|
static inline void selinux_init(void) {}
|
|
static inline void selinux_exit(void) {}
|
|
|
|
#endif /* USE_SELINUX */
|
|
#endif /* _UDEV_USE_SELINUX */
|