diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2020-07-10 21:48:02 +0200 |
|---|---|---|
| committer | Christian Göttsche <cgzones@googlemail.com> | 2020-07-10 21:55:13 +0200 |
| commit | 8d9cbd809db492df9d94c0c664bd0d2e53416531 (patch) | |
| tree | f8f345cd87fdedcb77e995dc3b692834d9469ef2 | |
| parent | 7a3e4dc38b3e3ef60d4886aa2c1cb871f49bfee9 (diff) | |
| download | systemd-8d9cbd809db492df9d94c0c664bd0d2e53416531.tar.gz | |
selinux: create standard user-runtime nodes with default context
Currently systemd-user-runtime-dir does not create the files in
/run/user/$UID/systemd/inaccessible with the default SELinux label.
The user and role part of these labels should be based on the user
related to $UID and not based on the process context of
systemd-user-runtime-dir.
Since v246-rc1 (9664be199af6) /run/user/$UID/systemd is also created by
systemd-user-runtime-dir and should also be created with the default
SELinux context.
| -rw-r--r-- | src/shared/dev-setup.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c index 6a280cde01..7641909c1b 100644 --- a/src/shared/dev-setup.c +++ b/src/shared/dev-setup.c @@ -103,9 +103,9 @@ int make_inaccessible_nodes( return log_oom(); if (S_ISDIR(table[i].mode)) - r = mkdir(path, table[i].mode & 07777); + r = mkdir_label(path, table[i].mode & 07777); else - r = mknod(path, table[i].mode, makedev(0, 0)); + r = mknod_label(path, table[i].mode, makedev(0, 0)); if (r < 0) { if (errno != EEXIST) log_debug_errno(errno, "Failed to create '%s', ignoring: %m", path); |