Commit Graph

16 Commits

Author SHA1 Message Date
Russell Coker
eb8b496e89 SELinux: label created symlink instead of node
The current code will label the target of a symlink rather than the
link itself.  This means that the link does not get its context set
and the target gets the wrong context.
Incidentally this affects the labelling of hard disk device nodes and
can get in the way of booting.

Also get_media() should not be called with devname==NULL.
2006-12-05 14:32:44 +01:00
Kay Sievers
27b77df44d update source file headers 2006-08-28 00:29:11 +02:00
Kay Sievers
c7a42aea3c selinux: fix typo in block device node selection 2006-05-07 22:31:06 +02:00
Kay Sievers
1aa1e24848 replace libsysfs
We never used any of the libsysfs convenience features. Here we replace
it completely with 300 lines of code, which are much simpler and a bit
faster cause udev(d) does not open any sysfs file for a simple event which
does not need any parent device information.

Signed-off-by: Kay Sievers <kay.sievers@suse.de>
2006-01-09 21:18:00 +01:00
Marco d'Itri
68cfe3b5c8 udev_selinux.c: include udev.h 2005-12-26 17:21:25 +01:00
Kay Sievers
1698d39857 use udev_root instead of "/dev" in selinux matchpathcon_init_prefix()
Taken from Red Hat CVS:
  udev-075-selinux.patch
2005-12-22 17:29:20 +01:00
Harald Hoyer
65e63a710e optimize SELinux path match 2005-12-06 19:00:40 +01:00
Marco d'Itri
df4e89bfa6 move some logging from dbg() to info() 2005-11-07 18:52:03 +01:00
Marco d'Itri
ff3e4bed21 add strerror() to error logs 2005-11-07 18:44:18 +01:00
Greg KH
4d7726399b selinux merge fixups again... 2005-04-26 23:52:14 -07:00
Greg KH
7eb92135c6 more merge fixups, looks like I missed a selinux patch somewhere... 2005-04-26 23:48:29 -07:00
pebenito@gentoo.org
b55e654026 [PATCH] udev selinux fix
Here is a fix for the SELinux part of udev.

Setfscreatecon() overrides the default labeling behavior of SELinux when
creating files, so it should only be used for as short of a time as
possible, around the mknod or symlink calls.  Without this, the files in
udev_db get the wrong label because the fscreatecon is reset after the
udev_db file creation instead of before.  I'm guessing the Red Hat people
missed this because they modify udev_db to be one big file instead of a
directory of small files (at least that's what I'm told).  I created
selinux_resetfscreatecon() to reset the fscreatecon asap after the
file/node is created.

Fixed a memory leak in selinux_init.  Getfscreatecon() allocates memory
for the context, and the udev code was immediately setting the pointer
(security_context_t is actually a typedef'ed char*) to NULL after the
call regardless of success/failure.  If you're wondering about the case
where there's effectively a setfscreatecon(NULL), this is ok, as it's
used to tell SELinux to do the default labeling behavior.

Renamed selinux_restore() to selinux_exit() due to the changed behavior.

Fixed a couple of dbg() messages.
2005-04-26 23:39:48 -07:00
kay.sievers@vrfy.org
fbda4a34d8 [PATCH] selinux: cleanup udev integration
Move code into a .c-file instead of big inline functions in a header file.
Pass the device name down instead of relying that the node name is equal
to the kernel name.
2005-04-26 23:24:19 -07:00
greg@kroah.com
0384e43ad9 [PATCH] move udev_selinux into extras/selinux 2005-04-26 21:35:11 -07:00
greg@kroah.com
b528cd4920 [PATCH] first cut at standalone udev_selinux program.
Will not work, need to finish working on this on a system with selinux installed...
2005-04-26 21:35:11 -07:00
greg@kroah.com
8481f8ce2b [PATCH] Add initial SELinux support for udev
Based on a patch from Daniel J Walsh <dwalsh@redhat.com>
2005-04-26 21:32:31 -07:00