- if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
- log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
- chmod(devnode, mode);
- chown(devnode, uid, gid);
- } else {
- log_debug("preserve permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
- }
+ if (apply) {
+ bool selinux = false;
+ bool smack = false;
+
+ if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
+ log_debug("set permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
+ err = chmod(devnode, mode);
+ if (err < 0)
+ log_warning("setting mode of %s to %#o failed: %m", devnode, mode);
+ err = chown(devnode, uid, gid);
+ if (err < 0)
+ log_warning("setting owner of %s to uid=%u, gid=%u failed: %m", devnode, uid, gid);
+ } else {
+ log_debug("preserve permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
+ }
+
+ /* apply SECLABEL{$module}=$label */
+ udev_list_entry_foreach(entry, udev_list_get_entry(seclabel_list)) {
+ const char *name, *label;
+ int r;
+
+ name = udev_list_entry_get_name(entry);
+ label = udev_list_entry_get_value(entry);
+
+ if (streq(name, "selinux")) {
+ selinux = true;
+
+ r = mac_selinux_apply(devnode, label);
+ if (r < 0)
+ log_error("SECLABEL: failed to set SELinux label '%s': %s", label, strerror(-r));
+ else
+ log_debug("SECLABEL: set SELinux label '%s'", label);