X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=udev_selinux.c;h=eec950194c3e7cd7bf62aac2443164544232d36e;hp=cc6f4d7d3fad6716d468315993199afe67399887;hb=2aae673c967a16276c85726975cade2413b5307b;hpb=b55e6540260ac3e38d96a0b6c00514a72d5db218 diff --git a/udev_selinux.c b/udev_selinux.c index cc6f4d7d3..eec950194 100644 --- a/udev_selinux.c +++ b/udev_selinux.c @@ -1,6 +1,4 @@ /* - * udev_selinux.h - * * Copyright (C) 2004 Daniel Walsh * * This program is free software; you can redistribute it and/or modify it @@ -14,7 +12,7 @@ * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., - * 675 Mass Ave, Cambridge, MA 02139, USA. + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ @@ -26,12 +24,12 @@ #include #include #include -#include #include +#include #include +#include "udev.h" #include "udev_selinux.h" -#include "logging.h" static security_context_t prev_scontext = NULL; @@ -42,7 +40,7 @@ static int is_selinux_running(void) if (selinux_enabled == -1) selinux_enabled = (is_selinux_enabled() > 0); - dbg("selinux=%i", selinux_enabled); + dbg("selinux=%i\n", selinux_enabled); return selinux_enabled; } @@ -54,7 +52,7 @@ static char *get_media(const char *devname, int mode) int size; char *media = NULL; - if (!(mode && S_IFBLK)) + if (!(mode & S_IFBLK)) return NULL; snprintf(procfile, PATH_MAX, "/proc/ide/%s/media", devname); @@ -92,20 +90,22 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode char *media; int ret = -1; - media = get_media(devname, mode); - if (media) { - ret = matchmediacon(media, &scontext); - free(media); + if (devname) { + media = get_media(devname, mode); + if (media) { + ret = matchmediacon(media, &scontext); + free(media); + } } if (ret < 0) if (matchpathcon(file, mode, &scontext) < 0) { - dbg("matchpathcon(%s) failed\n", file); + err("matchpathcon(%s) failed\n", file); return; } - if (setfilecon(file, scontext) < 0) - dbg("setfilecon %s failed with error '%s'", file, strerror(errno)); + if (lsetfilecon(file, scontext) < 0) + err("setfilecon %s failed: %s\n", file, strerror(errno)); freecon(scontext); } @@ -118,20 +118,22 @@ void selinux_setfscreatecon(const char *file, const char *devname, unsigned int char *media; int ret = -1; - media = get_media(devname, mode); - if (media) { - ret = matchmediacon(media, &scontext); - free(media); + if (devname) { + media = get_media(devname, mode); + if (media) { + ret = matchmediacon(media, &scontext); + free(media); + } } if (ret < 0) if (matchpathcon(file, mode, &scontext) < 0) { - dbg("matchpathcon(%s) failed\n", file); + err("matchpathcon(%s) failed\n", file); return; } if (setfscreatecon(scontext) < 0) - dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno)); + err("setfscreatecon %s failed: %s\n", file, strerror(errno)); freecon(scontext); } @@ -141,7 +143,7 @@ void selinux_resetfscreatecon(void) { if (is_selinux_running()) { if (setfscreatecon(prev_scontext) < 0) - dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno)); + err("setfscreatecon failed: %s\n", strerror(errno)); } } @@ -152,8 +154,11 @@ void selinux_init(void) * restoration creation purposes. */ if (is_selinux_running()) { + if (!udev_root[0]) + err("selinux_init: udev_root not set\n"); + matchpathcon_init_prefix(NULL, udev_root); if (getfscreatecon(&prev_scontext) < 0) { - dbg("getfscreatecon failed\n"); + err("getfscreatecon failed\n"); prev_scontext = NULL; } }