
List:       busybox
Subject:    mdev - add selinux support
From:       Amadeusz Sławiński <amade () asmblr ! net>
Date:       2013-12-09 16:37:18
Message-ID: 20131209173718.7a4ae424 () maelstrom ! zone

Hello,

The attached patch adds basic selinux support to mdev in what I think is
the most efficient way. It relabels the file, not caring whether it was just
created or existed before (for example, a devtmpfs mount).

Amadeusz Sławiński

[Attachment #3 (text/x-patch)]

diff -uNr a/util-linux/mdev.c b/util-linux/mdev.c
--- a/util-linux/mdev.c	2013-12-07 14:47:24.122978065 +0100
+++ b/util-linux/mdev.c	2013-12-07 14:47:51.875977453 +0100
@@ -776,6 +776,19 @@
 			}
 			if (mknod(node_name, rule->mode | type, makedev(major, minor)) && errno != EEXIST)
 				bb_perror_msg("can't create '%s'", node_name);
+
+#if ENABLE_SELINUX
+			/* relabel file, don't care if it existed before or was just created */
+			if (is_selinux_enabled()) {
+				security_context_t scontext = NULL;
+				char *node_path = xasprintf("/dev/%s", node_name);
+
+				if (matchpathcon(node_path, rule->mode | type, &scontext) == 0)
+					setfilecon(node_path, scontext);
+				freecon(scontext);
+			}
+#endif
+
 			if (ENABLE_FEATURE_MDEV_CONF) {
 				chmod(node_name, rule->mode);
 				chown(node_name, rule->ugid.uid, rule->ugid.gid);
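Review bot: node_path, allocated with xasprintf() inside the new ENABLE_SELINUX block, is never freed, so every node that mdev creates or rescans leaks one string; add free(node_path) next to freecon(scontext). In the same block the return value of setfilecon() is ignored and a matchpathcon() failure is silent, so a device node can be left with whatever label it already had and nothing is logged; a bb_perror_msg() on failure, in the style of the "can't create '%s'" message just above, would make a mislabeled node visible. The label is also applied to a hard-coded "/dev/%s" path, while the mknod(), chmod() and chown() calls around it operate on node_name as given, so the relabel and the other calls only refer to the same file when the working directory is /dev; using node_name for setfilecon() and keeping the absolute path only for the matchpathcon() lookup would keep them consistent. Finally, the relabel happens after mknod(), so a newly created node briefly exists with its default label; since the stated goal is to relabel existing nodes too, a short comment noting that window would help.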

