mounts: automatically create /dev/stderr and friends early on boot so that they are...

diff --git a/src/label.c b/src/label.c
index 01f36eb6ccc56a1830c898827717815963b67763..d037c4c93215bfe67b84439b5eb27c3100c41123 100644 (file)
--- a/src/label.c
+++ b/src/label.c
@@ -173,6 +173,31 @@ int label_fifofile_set(const char *path) {
         return r;
 }
 
+int label_symlinkfile_set(const char *path) {
+        int r = 0;
+
+#ifdef HAVE_SELINUX
+        security_context_t filecon = NULL;
+
+        if (!use_selinux() || !label_hnd)
+                return 0;
+
+        if ((r = selabel_lookup_raw(label_hnd, &filecon, path, S_IFLNK)) == 0) {
+                if ((r = setfscreatecon(filecon)) < 0) {
+                        log_error("Failed to set SELinux file context on %s: %m", path);
+                        r = -errno;
+                }
+
+                freecon(filecon);
+        }
+
+        if (r < 0 && security_getenforce() == 0)
+                r = 0;
+#endif
+
+        return r;
+}
+
 int label_socket_set(const char *label) {
 
 #ifdef HAVE_SELINUX

diff --git a/src/label.h b/src/label.h
index 0c59da1f1c2b500b645f859f7786e16cb84c823c..f1bf5d6d5e2ce449a5474ced579249285dbf9dd2 100644 (file)
--- a/src/label.h
+++ b/src/label.h
@@ -33,6 +33,7 @@ int label_socket_set(const char *label);
 void label_socket_clear(void);
 
 int label_fifofile_set(const char *path);
+int label_symlinkfile_set(const char *path);
 void label_file_clear(void);
 
 void label_free(const char *label);

diff --git a/src/mount-setup.c b/src/mount-setup.c
index d2f05bc5cf2fb56c53a989bb46b4734e06dc973b..fe99f58b6688daa7fb967265e2fca19a5301bf78 100644 (file)
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <libgen.h>
 #include <assert.h>
+#include <unistd.h>
 
 #include "mount-setup.h"
 #include "log.h"
@@ -171,13 +172,47 @@ finish:
         return r;
 }
 
+static int symlink_and_label(const char *old_path, const char *new_path) {
+        int r;
+
+        assert(old_path);
+        assert(new_path);
+
+        if ((r = label_symlinkfile_set(new_path)) < 0)
+                return r;
+
+        if (symlink(old_path, new_path) < 0)
+                r = -errno;
+
+        label_file_clear();
+
+        return r;
+}
+
 int mount_setup(void) {
+
+        const char *symlinks =
+                "/proc/kcore\0"      "/dev/core\0"
+                "/proc/self/fd\0"    "/dev/fd\0"
+                "/proc/self/fd/0\0"  "/dev/stdin\0"
+                "/proc/self/fd/1\0"  "/dev/stdout\0"
+                "/proc/self/fd/2\0"  "/dev/stderr\0"
+                "\0";
+
         int r;
         unsigned i;
+        const char *j, *k;
 
         for (i = 0; i < ELEMENTSOF(mount_table); i ++)
                 if ((r = mount_one(mount_table+i)) < 0)
                         return r;
 
+        /* Create a few default symlinks, which are normally created
+         * bei udevd, but some scripts might need them before we start
+         * udevd. */
+
+        NULSTR_FOREACH_PAIR(j, k, symlinks)
+                symlink_and_label(j, k);
+
         return mount_cgroup_controllers();
 }

diff --git a/src/util.h b/src/util.h
index ddf089cfe791ec91a71effb91c9470c38fe21372..3256fbaafc8093e33778c2b518bbb5dd5d083e7f 100644 (file)
--- a/src/util.h
+++ b/src/util.h
@@ -373,6 +373,9 @@ void dual_timestamp_deserialize(FILE *f, const char *line, dual_timestamp *t);
 #define NULSTR_FOREACH(i, l) \
         for ((i) = (l); (i) && *(i); (i) = strchr((i), 0)+1)
 
+#define NULSTR_FOREACH_PAIR(i, j, l)                             \
+        for ((i) = (l), (j) = strchr((i), 0)+1; (i) && *(i); (i) = strchr((j), 0)+1, (j) = *(i) ? strchr((i), 0)+1 : (i))
+
 const char *ioprio_class_to_string(int i);
 int ioprio_class_from_string(const char *s);