SELinux: label created symlink instead of node

The current code will label the target of a symlink rather than the
link itself.  This means that the link does not get it's context set
and the target gets the wrong context.
Incidentally this affects the labelling of hard disk device nodes and
can get in the way of booting.

Also get_media() should not be called with devname==NULL.

diff --git a/udev_selinux.c b/udev_selinux.c
index b802e1fc6ee36016824db6968129ee0041839e37..a305e241367e18dc1fafaeebc5765e0fe4c58eeb 100644 (file)
--- a/udev_selinux.c
+++ b/udev_selinux.c
@@ -90,10 +90,13 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
                char *media;
                int ret = -1;
 
-               media = get_media(devname, mode);
-               if (media) {
-                       ret = matchmediacon(media, &scontext);
-                       free(media);
+               if(devname)
+               {
+                       media = get_media(devname, mode);
+                       if (media) {
+                               ret = matchmediacon(media, &scontext);
+                               free(media);
+                       }
                }
 
                if (ret < 0)
@@ -102,7 +105,7 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
                                return;
                        } 
 
-               if (setfilecon(file, scontext) < 0)
+               if (lsetfilecon(file, scontext) < 0)
                        err("setfilecon %s failed: %s", file, strerror(errno));
 
                freecon(scontext);