chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e267ea)
set SELinux context on 'add' but not on 'change' events
authorKay Sievers <kay.sievers@vrfy.org>
Tue, 31 Aug 2010 19:29:21 +0000 (21:29 +0200)
committerKay Sievers <kay.sievers@vrfy.org>
Tue, 31 Aug 2010 19:29:21 +0000 (21:29 +0200)
udev/udev-node.c patch | blob | history

diff --git a/udev/udev-node.c b/udev/udev-node.c
index 228b3ebee4d43f9fe4ed2be39bb7a3b3197b95ee..c8113f10b094988b8769a3d6ce32b6d6d6a7c8e7 100644 (file)
--- a/udev/udev-node.c
+++ b/udev/udev-node.c
@@ -56,10 +56,17 @@ int udev_node_mknod(struct udev_device *dev, const char *file, mode_t mode, uid_
                                info(udev, "set permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid);
                                chmod(file, mode);
                                chown(file, uid, gid);
-                               udev_selinux_lsetfilecon(udev, file, mode);
                        } else {
                                info(udev, "preserve permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid);
                        }
+                       /*
+                        * Set initial selinux file context only on add events.
+                        * We set the proper context on bootup (triger) or for newly
+                        * added devices, but we don't change it later, in case
+                        * something else has set a custom context in the meantime.
+                        */
+                       if (strcmp(udev_device_get_action(dev), "add") == 0)
+                               udev_selinux_lsetfilecon(udev, file, mode);
                        /* always update timestamp when we re-use the node, like on media change events */
                        utimensat(AT_FDCWD, file, NULL, 0);
                } else {
Unnamed repository; edit this file 'description' to name the repository.