#include <sys/time.h>
#include <sys/stat.h>
#include <sys/types.h>
-#ifdef HAVE_XATTR
-#include <attr/xattr.h>
-#endif
#include "udev.h"
+#include "smack-util.h"
static int node_symlink(struct udev_device *dev, const char *node, const char *slink)
{
}
if (apply) {
+ bool selinux = false;
+ bool smack = false;
+
if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
chmod(devnode, mode);
log_debug("preserve permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
}
- label_fix(devnode, true, false);
-
/* apply SECLABEL{$module}=$label */
udev_list_entry_foreach(entry, udev_list_get_entry(seclabel_list)) {
const char *name, *label;
label = udev_list_entry_get_value(entry);
if (streq(name, "selinux")) {
- /* FIXME: hook up libselinux */
- log_error("SECLABEL: failed to set selinux label '%s'", label);
+ selinux = true;
+ if (label_apply(devnode, label) < 0)
+ log_error("SECLABEL: failed to set SELinux label '%s'", label);
+ else
+ log_debug("SECLABEL: set SELinux label '%s'", label);
} else if (streq(name, "smack")) {
-#ifdef HAVE_XATTR
- if (lsetxattr(devnode, "security.SMACK64", label, strlen(label), 0) < 0)
+ smack = true;
+ if (smack_label_path(devnode, label) < 0)
log_error("SECLABEL: failed to set SMACK label '%s'", label);
else
log_debug("SECLABEL: set SMACK label '%s'", label);
-#endif
} else
log_error("SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
}
+
+ /* set the defaults */
+ if (!selinux)
+ label_fix(devnode, true, false);
+ if (!smack)
+ smack_label_path(devnode, NULL);
}
/* always update timestamp when we re-use the node, like on media change events */
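Review bot: In the SECLABEL loop, `selinux = true` and `smack = true` are set before `label_apply()` and `smack_label_path()` are known to have succeeded, so a failed explicit label also suppresses the fallback under `/* set the defaults */`. The node then keeps whatever label it already had, which may be less restrictive than the policy default. Consider setting each flag only in the success branch, e.g. `else { selinux = true; log_debug("SECLABEL: set SELinux label '%s'", label); }`, or add a comment stating that skipping the default after a failed apply is intentional. The fallback calls `label_fix(devnode, true, false)` and `smack_label_path(devnode, NULL)` also discard their return values, so a node left unlabeled there is not logged; since smack-util.h is not shown here, it is also worth confirming that `smack_label_path()` keeps the no-follow behaviour of the removed `lsetxattr()` call. The enclosing function begins outside this hunk.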