From: Russell Coker
Date: Tue, 5 Dec 2006 13:32:44 +0000 (+0100)
Subject: SELinux: label created symlink instead of node
X-Git-Tag: 174~2090
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=eb8b496e890de4ba347f78f0e7e978117ab2a479

SELinux: label created symlink instead of node

The current code will label the target of a symlink rather than the link itself. This means that the link does not get its context set and the target gets the wrong context. Incidentally this affects the labelling of hard disk device nodes and can get in the way of booting. Also get_media() should not be called with devname==NULL.
---
diff --git a/udev_selinux.c b/udev_selinux.c index b802e1fc6..a305e2413 100644 --- a/udev_selinux.c +++ b/udev_selinux.c @@ -90,10 +90,13 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode char *media; int ret = -1; - media = get_media(devname, mode); - if (media) { - ret = matchmediacon(media, &scontext); - free(media); + if(devname) + { + media = get_media(devname, mode); + if (media) { + ret = matchmediacon(media, &scontext); + free(media); + } } if (ret < 0) @@ -102,7 +105,7 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode return; } - if (setfilecon(file, scontext) < 0) + if (lsetfilecon(file, scontext) < 0) err("setfilecon %s failed: %s", file, strerror(errno)); freecon(scontext);
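Review bot: In the first hunk (@@ -90,10 +90,13), the new guard is written as `if(devname)` with the opening brace on its own line, while the nested `if (media) {` two lines below keeps the space and the same-line brace; please write it as `if (devname) {` so the block matches the style of the surrounding code. With devname NULL the media lookup is skipped and ret keeps its initial value of -1, so control reaches the existing `if (ret < 0)` branch. That looks intended, but a one-line comment on the guard saying that callers may pass devname as NULL (the symlink case from the commit message) and that the fallback lookup is then used would document the contract for the next reader.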
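Review bot: In the second hunk (@@ -102,7 +105,7), the call changes to `lsetfilecon(file, scontext)` but the error string on the next line still reads "setfilecon %s failed: %s", so a failure will be logged under the name of a function that is no longer called; please update the message to "lsetfilecon %s failed: %s". The switch itself matches the commit message: lsetfilecon() does not follow a symlink, so the label is applied to the link that was created and the target's context is left alone. A short comment at the call site stating that the non-following variant is deliberate would help keep a later cleanup from reverting it.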