From: Lennart Poettering
Date: Mon, 4 Apr 2011 14:56:51 +0000 (+0200)
Subject: selinux: relabel /run the same way as /dev after loading the policy since they both...
X-Git-Tag: v23~5
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=3bbecb2f2cd758e2513993efad01180c7c3c665f

selinux: relabel /run the same way as /dev after loading the policy since they both come pre-filled and unlabelled
---
diff --git a/src/mount-setup.c b/src/mount-setup.c
index 49eab0bfa..a42ed4395 100644
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -243,8 +243,10 @@ int mount_setup(void) {
 * appropriate labels, after mounting. The other virtual API
 * file systems do not need. */
- if (unlink("/dev/.systemd-relabel-devtmpfs") >= 0)
+ if (unlink("/dev/.systemd-relabel-run-dev") >= 0) {
 nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
+ nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
+ }
 /* Create a few default symlinks, which are normally created
 * bei udevd, but some scripts might need them before we start
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index e21ff6bb9..c32c7ad8d 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -43,9 +43,9 @@ int selinux_setup(char *const argv[]) {
 return 0;
 /* Before we load the policy we create a flag file to ensure
- * that after the reexec we iterate through /dev to relabel
- * things. */
- touch("/dev/.systemd-relabel-devtmpfs");
+ * that after the reexec we iterate through /run and /dev to
+ * relabel things. */
+ touch("/dev/.systemd-relabel-run-dev");
 if (selinux_init_load_policy(&enforce) == 0) {
 log_debug("Successfully loaded SELinux policy, reexecuting.");
@@ -60,7 +60,7 @@ int selinux_setup(char *const argv[]) {
 } else {
 log_full(enforce > 0 ? LOG_ERR : LOG_WARNING, "Failed to load SELinux policy.");
- unlink("/dev/.systemd-relabel-devtmpfs");
+ unlink("/dev/.systemd-relabel-run-dev");
 if (enforce > 0)
 return -EIO;
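Review bot: Both `nftw()` calls in the src/mount-setup.c hunk discard their return value, so a walk of /run or /dev that stops early leaves entries unlabelled under the freshly loaded policy with nothing in the log. Checking each call would make that visible, for example `if (nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS) != 0) log_warning("Failed to relabel /run");`, assuming the logging helpers are in scope in this file. Since /run arrives pre-filled, a one-line comment such as `/* FTW_PHYS: never follow symlinks; FTW_MOUNT: stay on this file system */` would record why these flags matter for the relabel. mount_setup() starts and ends outside the hunk and nftw_cb is not visible here, so what the callback does on a per-file failure should be confirmed.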
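Review bot: The `touch("/dev/.systemd-relabel-run-dev")` call in the first src/selinux-setup.c hunk ignores failure, and if the flag file is not created the `unlink(...) >= 0` test in mount_setup() will not pass after the reexec, so the relabel of /run and /dev is skipped silently. Assuming touch() reports errors as a negative return (its definition is not on this page), something like `if (touch("/dev/.systemd-relabel-run-dev") < 0) log_warning("Failed to create relabel flag file");` would surface that. The path is also repeated as a string literal in three places: here, the `unlink()` in the second hunk of this file, and the `unlink()` in src/mount-setup.c. A single shared `#define` in a header both files include would stop the writer and the reader of the flag from drifting apart. selinux_setup() begins and ends outside both hunks.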