label: fix systemd-udev labeling of /run directory.

systemd-udev is currently incorrectly labeling /run/udev/* content because it is
using selinux prefix labeling of /dev.  This patch will allow systemd-udev to
use prefix labeling of /dev and /run.

diff --git a/src/shared/label.c b/src/shared/label.c
index e13eba65501ef7f0264a96a9643b217c6aca816c..3e5ea6746957ed7482bdb5b806aa4670fb2d60a6 100644 (file)
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -52,7 +52,7 @@ void label_retest_selinux(void) {
 
 #endif
 
-int label_init(const char *prefix) {
+int label_init(const char *prefixes[]) {
         int r = 0;
 
 #ifdef HAVE_SELINUX
@@ -68,9 +68,9 @@ int label_init(const char *prefix) {
         before_mallinfo = mallinfo();
         before_timestamp = now(CLOCK_MONOTONIC);
 
-        if (prefix) {
+        if (prefixes) {
                 struct selinux_opt options[] = {
-                        { .type = SELABEL_OPT_SUBSET, .value = prefix },
+                        { .type = SELABEL_OPT_SUBSET, .values = prefixes },
                 };
 
                 label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));

diff --git a/src/shared/label.h b/src/shared/label.h
index 3f880e363ae4408bf12f4c7a7625d32bf13d6752..90b49ffbe0417878f1733226ba093187cf548531 100644 (file)
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -26,7 +26,7 @@
 #include <stdbool.h>
 #include <sys/socket.h>
 
-int label_init(const char *prefix);
+int label_init(const char *prefixes[]);
 void label_finish(void);
 
 int label_fix(const char *path, bool ignore_enoent);

diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 64bb5cbc3b82e7045c346e7e93f16787433c5950..551f7564f1e7049a72f4694e81f11f3bf43d53eb 100644 (file)
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -45,12 +45,13 @@ int main(int argc, char *argv[])
         const char *action;
         sigset_t mask, sigmask_orig;
         int err = -EINVAL;
+        const char *prefixes[] = { "/dev", "/run", NULL };
 
         udev = udev_new();
         if (udev == NULL)
                 exit(EXIT_FAILURE);
         log_debug("version %s\n", VERSION);
-        label_init("/dev");
+        label_init(prefixes);
 
         sigprocmask(SIG_SETMASK, NULL, &sigmask_orig);
 

diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
index 5217d7f9dd66fac3efe63b107e404b7f27c9e9b9..fafa31bba45a0e7a75d097a9d283e35faabf7002 100644 (file)
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -91,6 +91,7 @@ int main(int argc, char *argv[])
                 { "version", no_argument, NULL, 'V' },
                 {}
         };
+        const char *prefixes[] = { "/dev", "/run", NULL };
         const char *command;
         unsigned int i;
         int rc = 1;
@@ -102,7 +103,8 @@ int main(int argc, char *argv[])
         log_open();
         log_parse_environment();
         udev_set_log_fn(udev, udev_main_log);
-        label_init("/dev");
+
+        label_init(prefixes);
 
         for (;;) {
                 int option;

diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 0d85960e63c71ce6c2191286245f071fd73d3fc5..f6707a5ccb6c1b5b75295c58d05f0325579a1315 100644 (file)
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1030,6 +1030,7 @@ int main(int argc, char *argv[])
         int fd_ctrl = -1;
         int fd_netlink = -1;
         int fd_worker = -1;
+        const char *prefixes[] = { "/dev", "/run", NULL };
         struct epoll_event ep_ctrl, ep_inotify, ep_signal, ep_netlink, ep_worker;
         struct udev_ctrl_connection *ctrl_conn = NULL;
         int rc = 1;
@@ -1042,7 +1043,7 @@ int main(int argc, char *argv[])
         log_parse_environment();
         udev_set_log_fn(udev, udev_main_log);
         log_debug("version %s\n", VERSION);
-        label_init("/dev");
+        label_init(prefixes);
 
         for (;;) {
                 int option;