From d2e54fae5ca7a0f71b5ac8b356a589ff0a09ea0a Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Thu, 31 May 2012 12:40:20 +0200 Subject: [PATCH] mkdir: append _label to all mkdir() calls that explicitly set the selinux context --- src/core/automount.c | 4 ++-- src/core/dbus.c | 2 +- src/core/manager.c | 2 +- src/core/mount-setup.c | 6 +++--- src/core/mount.c | 4 ++-- src/core/path.c | 2 +- src/core/shutdown.c | 2 +- src/core/socket.c | 2 +- src/cryptsetup/cryptsetup-generator.c | 6 +++--- src/fstab-generator/fstab-generator.c | 10 +++++----- src/getty-generator/getty-generator.c | 2 +- src/journal/coredump.c | 2 +- src/journal/journald.c | 2 +- src/libudev/libudev-device-private.c | 4 ++-- src/locale/localed.c | 2 +- src/login/logind-dbus.c | 6 +++--- src/login/logind-inhibit.c | 4 ++-- src/login/logind-seat.c | 2 +- src/login/logind-session.c | 4 ++-- src/login/logind-user.c | 6 +++--- src/login/multi-seat-x.c | 2 +- src/nspawn/nspawn.c | 10 +++++----- src/random-seed/random-seed.c | 2 +- src/rc-local-generator/rc-local-generator.c | 2 +- src/shared/ask-password-api.c | 2 +- src/shared/cgroup-label.c | 2 +- src/shared/install.c | 2 +- src/shared/mkdir.c | 12 ++++++++---- src/shared/mkdir.h | 7 ++++--- src/shared/path-lookup.c | 2 +- src/shared/socket-label.c | 2 +- src/shutdownd/shutdownd.c | 2 +- src/test/test-udev.c | 2 +- src/tmpfiles/tmpfiles.c | 2 +- src/tty-ask-password-agent/tty-ask-password-agent.c | 4 ++-- src/udev/udev-builtin-firmware.c | 2 +- src/udev/udev-node.c | 6 +++--- src/udev/udev-watch.c | 2 +- src/udev/udevd.c | 4 ++-- 39 files changed, 74 insertions(+), 69 deletions(-) diff --git a/src/core/automount.c b/src/core/automount.c index e13259b38..64b6cff72 100644 --- a/src/core/automount.c +++ b/src/core/automount.c @@ -499,7 +499,7 @@ static void automount_enter_waiting(Automount *a) { } /* We knowingly ignore the results of this call */ - mkdir_p(a->where, 0555); + mkdir_p_label(a->where, 0555); if (pipe2(p, O_NONBLOCK|O_CLOEXEC) < 0) { r = -errno; @@ -588,7 +588,7 @@ static void automount_enter_runnning(Automount *a) { return; } - mkdir_p(a->where, a->directory_mode); + mkdir_p_label(a->where, a->directory_mode); /* Before we do anything, let's see if somebody is playing games with us? */ if (lstat(a->where, &st) < 0) { diff --git a/src/core/dbus.c b/src/core/dbus.c index 434796456..1bc83a2c2 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -1095,7 +1095,7 @@ static int bus_init_private(Manager *m) { goto fail; } - mkdir_parents(p+10, 0755); + mkdir_parents_label(p+10, 0755); unlink(p+10); m->private_bus = dbus_server_listen(p, &error); free(p); diff --git a/src/core/manager.c b/src/core/manager.c index 5c6d63668..dedcb74be 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -2068,7 +2068,7 @@ static int create_generator_dir(Manager *m, char **generator, const char *name) return -ENOMEM; } - r = mkdir_p(p, 0755); + r = mkdir_p_label(p, 0755); if (r < 0) { log_error("Failed to create generator directory: %s", strerror(-r)); free(p); diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 56ce2ae71..c26dedca6 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -130,7 +130,7 @@ static int mount_one(const MountPoint *p, bool relabel) { /* The access mode here doesn't really matter too much, since * the mounted file system will take precedence anyway. */ - mkdir_p(p->where, 0755); + mkdir_p_label(p->where, 0755); log_debug("Mounting %s to %s of type %s with options %s.", p->what, @@ -404,8 +404,8 @@ int mount_setup(bool loaded_policy) { dev_setup(); /* Create a few directories we always want around */ - label_mkdir("/run/systemd", 0755); - label_mkdir("/run/systemd/system", 0755); + mkdir_label("/run/systemd", 0755); + mkdir_label("/run/systemd/system", 0755); return 0; } diff --git a/src/core/mount.c b/src/core/mount.c index 11ac692c6..b885baab0 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -915,12 +915,12 @@ static void mount_enter_mounting(Mount *m) { m->control_command_id = MOUNT_EXEC_MOUNT; m->control_command = m->exec_command + MOUNT_EXEC_MOUNT; - mkdir_p(m->where, m->directory_mode); + mkdir_p_label(m->where, m->directory_mode); /* Create the source directory for bind-mounts if needed */ p = get_mount_parameters_fragment(m); if (p && mount_is_bind(p)) - mkdir_p(p->what, m->directory_mode); + mkdir_p_label(p->what, m->directory_mode); if (m->from_fragment) r = exec_command_set( diff --git a/src/core/path.c b/src/core/path.c index d6fedc736..6cf03add4 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -215,7 +215,7 @@ static void path_spec_mkdir(PathSpec *s, mode_t mode) { if (s->type == PATH_EXISTS || s->type == PATH_EXISTS_GLOB) return; - if ((r = mkdir_p(s->path, mode)) < 0) + if ((r = mkdir_p_label(s->path, mode)) < 0) log_warning("mkdir(%s) failed: %s", s->path, strerror(-r)); } diff --git a/src/core/shutdown.c b/src/core/shutdown.c index a8dfe2614..baef66dd9 100644 --- a/src/core/shutdown.c +++ b/src/core/shutdown.c @@ -238,7 +238,7 @@ static int prepare_new_root(void) { } NULSTR_FOREACH(dir, dirs) - if (mkdir_p(dir, 0755) < 0 && errno != EEXIST) { + if (mkdir_p_label(dir, 0755) < 0 && errno != EEXIST) { log_error("Failed to mkdir %s: %m", dir); return -errno; } diff --git a/src/core/socket.c b/src/core/socket.c index df47578a4..633663e7e 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -761,7 +761,7 @@ static int fifo_address_create( assert(path); assert(_fd); - mkdir_parents(path, directory_mode); + mkdir_parents_label(path, directory_mode); r = label_context_set(path, S_IFIFO); if (r < 0) diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index de64afd72..3961d5d96 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -175,7 +175,7 @@ static int create_disk( goto fail; } - mkdir_parents(to, 0755); + mkdir_parents_label(to, 0755); if (symlink(from, to) < 0) { log_error("Failed to create symlink '%s' to '%s': %m", from, to); r = -errno; @@ -193,7 +193,7 @@ static int create_disk( goto fail; } - mkdir_parents(to, 0755); + mkdir_parents_label(to, 0755); if (symlink(from, to) < 0) { log_error("Failed to create symlink '%s' to '%s': %m", from, to); r = -errno; @@ -211,7 +211,7 @@ static int create_disk( goto fail; } - mkdir_parents(to, 0755); + mkdir_parents_label(to, 0755); if (symlink(from, to) < 0) { log_error("Failed to create symlink '%s' to '%s': %m", from, to); r = -errno; diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c index 8676a2053..8419a0c5b 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -151,7 +151,7 @@ static int add_swap(const char *what, struct mntent *me) { goto finish; } - mkdir_parents(lnk, 0755); + mkdir_parents_label(lnk, 0755); if (symlink(unit, lnk) < 0) { log_error("Failed to create symlink: %m"); r = -errno; @@ -174,7 +174,7 @@ static int add_swap(const char *what, struct mntent *me) { goto finish; } - mkdir_parents(lnk, 0755); + mkdir_parents_label(lnk, 0755); if (symlink(unit, lnk) < 0) { log_error("Failed to create symlink: %m"); r = -errno; @@ -326,7 +326,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) { goto finish; } - mkdir_parents(lnk, 0755); + mkdir_parents_label(lnk, 0755); if (symlink(unit, lnk) < 0) { log_error("Failed to create symlink: %m"); r = -errno; @@ -352,7 +352,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) { goto finish; } - mkdir_parents(lnk, 0755); + mkdir_parents_label(lnk, 0755); if (symlink(unit, lnk) < 0) { log_error("Failed to creat symlink: %m"); r = -errno; @@ -413,7 +413,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) { goto finish; } - mkdir_parents(lnk, 0755); + mkdir_parents_label(lnk, 0755); if (symlink(automount_unit, lnk) < 0) { log_error("Failed to create symlink: %m"); r = -errno; diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c index 85600263f..bb7c225e0 100644 --- a/src/getty-generator/getty-generator.c +++ b/src/getty-generator/getty-generator.c @@ -47,7 +47,7 @@ static int add_symlink(const char *fservice, const char *tservice) { goto finish; } - mkdir_parents(to, 0755); + mkdir_parents_label(to, 0755); r = symlink(from, to); if (r < 0) { diff --git a/src/journal/coredump.c b/src/journal/coredump.c index 10897f346..300677bb9 100644 --- a/src/journal/coredump.c +++ b/src/journal/coredump.c @@ -54,7 +54,7 @@ static int divert_coredump(void) { log_info("Detected coredump of the journal daemon itself, diverting coredump to /var/lib/systemd/coredump/."); - mkdir_p("/var/lib/systemd/coredump", 0755); + mkdir_p_label("/var/lib/systemd/coredump", 0755); f = fopen("/var/lib/systemd/coredump/core.systemd-journald", "we"); if (!f) { diff --git a/src/journal/journald.c b/src/journal/journald.c index f034a569a..e0e7cce12 100644 --- a/src/journal/journald.c +++ b/src/journal/journald.c @@ -1973,7 +1973,7 @@ static int system_journal_open(Server *s) { /* OK, we really need the runtime journal, so create * it if necessary. */ - (void) mkdir_parents(fn, 0755); + (void) mkdir_parents_label(fn, 0755); r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, NULL, &s->runtime_journal); free(fn); diff --git a/src/libudev/libudev-device-private.c b/src/libudev/libudev-device-private.c index 234773662..bdb0e70c1 100644 --- a/src/libudev/libudev-device-private.c +++ b/src/libudev/libudev-device-private.c @@ -35,7 +35,7 @@ static void udev_device_tag(struct udev_device *dev, const char *tag, bool add) if (add) { int fd; - mkdir_parents(filename, 0755); + mkdir_parents_label(filename, 0755); fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444); if (fd >= 0) close(fd); @@ -119,7 +119,7 @@ int udev_device_update_db(struct udev_device *udev_device) /* write a database file */ util_strscpyl(filename_tmp, sizeof(filename_tmp), filename, ".tmp", NULL); - mkdir_parents(filename_tmp, 0755); + mkdir_parents_label(filename_tmp, 0755); f = fopen(filename_tmp, "we"); if (f == NULL) { udev_err(udev, "unable to create temporary db file '%s': %m\n", filename_tmp); diff --git a/src/locale/localed.c b/src/locale/localed.c index d582a9cba..56fb339e1 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -591,7 +591,7 @@ static int write_data_x11(void) { return 0; } - mkdir_parents("/etc/X11/xorg.conf.d", 0755); + mkdir_parents_label("/etc/X11/xorg.conf.d", 0755); r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path); if (r < 0) diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 5cdd0890e..6175d57d8 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -874,7 +874,7 @@ static int attach_device(Manager *m, const char *seat, const char *sysfs) { goto finish; } - mkdir_p("/etc/udev/rules.d", 0755); + mkdir_p_label("/etc/udev/rules.d", 0755); r = write_one_line_file_atomic(file, rule); if (r < 0) goto finish; @@ -1890,9 +1890,9 @@ static DBusHandlerResult manager_message_handler( if (r < 0) return bus_send_error_reply(connection, message, &error, r); - mkdir_p("/var/lib/systemd", 0755); + mkdir_p_label("/var/lib/systemd", 0755); - r = safe_mkdir("/var/lib/systemd/linger", 0755, 0, 0); + r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0); if (r < 0) return bus_send_error_reply(connection, message, &error, r); diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c index 2d25b79c2..96b7c6cd7 100644 --- a/src/login/logind-inhibit.c +++ b/src/login/logind-inhibit.c @@ -84,7 +84,7 @@ int inhibitor_save(Inhibitor *i) { assert(i); - r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0); if (r < 0) goto finish; @@ -272,7 +272,7 @@ int inhibitor_create_fifo(Inhibitor *i) { /* Create FIFO */ if (!i->fifo_path) { - r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0); if (r < 0) return r; diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c index 06debf887..755f20c03 100644 --- a/src/login/logind-seat.c +++ b/src/login/logind-seat.c @@ -91,7 +91,7 @@ int seat_save(Seat *s) { if (!s->started) return 0; - r = safe_mkdir("/run/systemd/seats", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0); if (r < 0) goto finish; diff --git a/src/login/logind-session.c b/src/login/logind-session.c index dd0de7805..5c8d54931 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -116,7 +116,7 @@ int session_save(Session *s) { if (!s->started) return 0; - r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0); if (r < 0) goto finish; @@ -816,7 +816,7 @@ int session_create_fifo(Session *s) { /* Create FIFO */ if (!s->fifo_path) { - r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0); if (r < 0) return r; diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 2b80ff844..b971845e1 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -98,7 +98,7 @@ int user_save(User *u) { if (!u->started) return 0; - r = safe_mkdir("/run/systemd/users", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0); if (r < 0) goto finish; @@ -250,7 +250,7 @@ static int user_mkdir_runtime_path(User *u) { assert(u); - r = safe_mkdir("/run/user", 0755, 0, 0); + r = mkdir_safe_label("/run/user", 0755, 0, 0); if (r < 0) { log_error("Failed to create /run/user: %s", strerror(-r)); return r; @@ -266,7 +266,7 @@ static int user_mkdir_runtime_path(User *u) { } else p = u->runtime_path; - r = safe_mkdir(p, 0700, u->uid, u->gid); + r = mkdir_safe_label(p, 0700, u->uid, u->gid); if (r < 0) { log_error("Failed to create runtime directory %s: %s", p, strerror(-r)); free(p); diff --git a/src/login/multi-seat-x.c b/src/login/multi-seat-x.c index 32d868888..92014f531 100644 --- a/src/login/multi-seat-x.c +++ b/src/login/multi-seat-x.c @@ -113,7 +113,7 @@ int main(int argc, char *argv[]) { goto fail; } - r = safe_mkdir("/run/systemd/multi-session-x", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/multi-session-x", 0755, 0, 0); if (r < 0) { log_error("Failed to create directory: %s", strerror(-r)); goto fail; diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 8a5eb34c7..fec39d644 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -222,7 +222,7 @@ static int mount_all(const char *dest) { continue; } - mkdir_p(where, 0755); + mkdir_p_label(where, 0755); if (mount(mount_table[k].what, where, @@ -1035,13 +1035,13 @@ int main(int argc, char *argv[]) { goto child_fail; } - if (mkdir_parents(home, 0775) < 0) { - log_error("mkdir_parents() failed: %m"); + if (mkdir_parents_label(home, 0775) < 0) { + log_error("mkdir_parents_label() failed: %m"); goto child_fail; } - if (safe_mkdir(home, 0775, uid, gid) < 0) { - log_error("safe_mkdir() failed: %m"); + if (mkdir_safe_label(home, 0775, uid, gid) < 0) { + log_error("mkdir_safe_label() failed: %m"); goto child_fail; } diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index d1cab8b87..c2729fe41 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -68,7 +68,7 @@ int main(int argc, char *argv[]) { goto finish; } - if (mkdir_parents(RANDOM_SEED, 0755) < 0) { + if (mkdir_parents_label(RANDOM_SEED, 0755) < 0) { log_error("Failed to create directories parents of %s: %m", RANDOM_SEED); goto finish; } diff --git a/src/rc-local-generator/rc-local-generator.c b/src/rc-local-generator/rc-local-generator.c index 38168cc01..f41a6bf26 100644 --- a/src/rc-local-generator/rc-local-generator.c +++ b/src/rc-local-generator/rc-local-generator.c @@ -53,7 +53,7 @@ static int add_symlink(const char *service, const char *where) { goto finish; } - mkdir_parents(to, 0755); + mkdir_parents_label(to, 0755); r = symlink(from, to); if (r < 0) { diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 55be807cf..4333bfb56 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -324,7 +324,7 @@ int ask_password_agent( sigset_add_many(&mask, SIGINT, SIGTERM, -1); assert_se(sigprocmask(SIG_BLOCK, &mask, &oldmask) == 0); - mkdir_p("/run/systemd/ask-password", 0755); + mkdir_p_label("/run/systemd/ask-password", 0755); u = umask(0022); fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY); diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c index 06e3c1626..beeeec583 100644 --- a/src/shared/cgroup-label.c +++ b/src/shared/cgroup-label.c @@ -47,7 +47,7 @@ int cg_create(const char *controller, const char *path) { if (r < 0) return r; - r = mkdir_parents(fs, 0755); + r = mkdir_parents_label(fs, 0755); if (r >= 0) { if (mkdir(fs, 0755) >= 0) diff --git a/src/shared/install.c b/src/shared/install.c index 7e4f66695..40b137e43 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1151,7 +1151,7 @@ static int create_symlink( assert(old_path); assert(new_path); - mkdir_parents(new_path, 0755); + mkdir_parents_label(new_path, 0755); if (symlink(old_path, new_path) >= 0) { add_file_change(changes, n_changes, UNIT_FILE_SYMLINK, new_path, old_path); diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c index b102af779..0eb70f268 100644 --- a/src/shared/mkdir.c +++ b/src/shared/mkdir.c @@ -31,7 +31,11 @@ #include "util.h" #include "log.h" -int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) { +int mkdir_label(const char *path, mode_t mode) { + return label_mkdir(path, mode); +} + +int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) { struct stat st; if (label_mkdir(path, mode) >= 0) @@ -52,7 +56,7 @@ int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) { return 0; } -int mkdir_parents(const char *path, mode_t mode) { +int mkdir_parents_label(const char *path, mode_t mode) { struct stat st; const char *p, *e; @@ -96,12 +100,12 @@ int mkdir_parents(const char *path, mode_t mode) { } } -int mkdir_p(const char *path, mode_t mode) { +int mkdir_p_label(const char *path, mode_t mode) { int r; /* Like mkdir -p */ - if ((r = mkdir_parents(path, mode)) < 0) + if ((r = mkdir_parents_label(path, mode)) < 0) return r; if (label_mkdir(path, mode) < 0 && errno != EEXIST) diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h index b1477c5f6..1a332bbcf 100644 --- a/src/shared/mkdir.h +++ b/src/shared/mkdir.h @@ -22,7 +22,8 @@ along with systemd; If not, see . ***/ -int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid); -int mkdir_parents(const char *path, mode_t mode); -int mkdir_p(const char *path, mode_t mode); +int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid); +int mkdir_label(const char *path, mode_t mode); +int mkdir_parents_label(const char *path, mode_t mode); +int mkdir_p_label(const char *path, mode_t mode); #endif diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c index 32ddb3886..a9c3e21d5 100644 --- a/src/shared/path-lookup.c +++ b/src/shared/path-lookup.c @@ -122,7 +122,7 @@ static char** user_dirs( * then filter out this link, if it is actually is * one. */ - mkdir_parents(data_home, 0777); + mkdir_parents_label(data_home, 0777); (void) symlink("../../../.config/systemd/user", data_home); } diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index 5158beeda..ff212de82 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -106,7 +106,7 @@ int socket_address_listen( mode_t old_mask; /* Create parents */ - mkdir_parents(a->sockaddr.un.sun_path, directory_mode); + mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode); /* Enforce the right access mode for the socket*/ old_mask = umask(~ socket_mode); diff --git a/src/shutdownd/shutdownd.c b/src/shutdownd/shutdownd.c index 0497cd41a..6eb8ed9bf 100644 --- a/src/shutdownd/shutdownd.c +++ b/src/shutdownd/shutdownd.c @@ -205,7 +205,7 @@ static int update_schedule_file(struct sd_shutdown_command *c) { assert(c); - r = safe_mkdir("/run/systemd/shutdown", 0755, 0, 0); + r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0); if (r < 0) { log_error("Failed to create shutdown subdirectory: %s", strerror(-r)); return r; diff --git a/src/test/test-udev.c b/src/test/test-udev.c index 551f7564f..bd9c05903 100644 --- a/src/test/test-udev.c +++ b/src/test/test-udev.c @@ -97,7 +97,7 @@ int main(int argc, char *argv[]) mode |= S_IFCHR; if (strcmp(action, "remove") != 0) { - mkdir_parents(udev_device_get_devnode(dev), 0755); + mkdir_parents_label(udev_device_get_devnode(dev), 0755); mknod(udev_device_get_devnode(dev), mode, udev_device_get_devnum(dev)); } else { unlink(udev_device_get_devnode(dev)); diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 2ee0601e6..aebc4bb08 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -652,7 +652,7 @@ static int create_item(Item *i) { case CREATE_DIRECTORY: u = umask(0); - mkdir_parents(i->path, 0755); + mkdir_parents_label(i->path, 0755); r = mkdir(i->path, i->mode); umask(u); diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c index de843b437..7f537c274 100644 --- a/src/tty-ask-password-agent/tty-ask-password-agent.c +++ b/src/tty-ask-password-agent/tty-ask-password-agent.c @@ -446,7 +446,7 @@ static int wall_tty_block(void) { if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0) return -ENOMEM; - mkdir_parents(p, 0700); + mkdir_parents_label(p, 0700); mkfifo(p, 0600); fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY); @@ -570,7 +570,7 @@ static int watch_passwords(void) { tty_block_fd = wall_tty_block(); - mkdir_p("/run/systemd/ask-password", 0755); + mkdir_p_label("/run/systemd/ask-password", 0755); if ((notify = inotify_init1(IN_CLOEXEC)) < 0) { r = -errno; diff --git a/src/udev/udev-builtin-firmware.c b/src/udev/udev-builtin-firmware.c index 56dc8fcaa..69e1db980 100644 --- a/src/udev/udev-builtin-firmware.c +++ b/src/udev/udev-builtin-firmware.c @@ -121,7 +121,7 @@ static int builtin_firmware(struct udev_device *dev, int argc, char *argv[], boo /* This link indicates the missing firmware file and the associated device */ log_debug("did not find firmware file '%s'\n", firmware); do { - err = mkdir_parents(misspath, 0755); + err = mkdir_parents_label(misspath, 0755); if (err != 0 && err != -ENOENT) break; err = symlink(udev_device_get_devpath(dev), misspath); diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index 3c9846f15..2ef6341a2 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c @@ -100,7 +100,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink) } else { log_debug("creating symlink '%s' to '%s'\n", slink, target); do { - err = mkdir_parents(slink, 0755); + err = mkdir_parents_label(slink, 0755); if (err != 0 && err != -ENOENT) break; label_context_set(slink, S_IFLNK); @@ -117,7 +117,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink) util_strscpyl(slink_tmp, sizeof(slink_tmp), slink, TMP_FILE_EXT, NULL); unlink(slink_tmp); do { - err = mkdir_parents(slink_tmp, 0755); + err = mkdir_parents_label(slink_tmp, 0755); if (err != 0 && err != -ENOENT) break; label_context_set(slink_tmp, S_IFLNK); @@ -226,7 +226,7 @@ static void link_update(struct udev_device *dev, const char *slink, bool add) do { int fd; - err = mkdir_parents(filename, 0755); + err = mkdir_parents_label(filename, 0755); if (err != 0 && err != -ENOENT) break; fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444); diff --git a/src/udev/udev-watch.c b/src/udev/udev-watch.c index 1091ec8d6..04609a776 100644 --- a/src/udev/udev-watch.c +++ b/src/udev/udev-watch.c @@ -111,7 +111,7 @@ void udev_watch_begin(struct udev *udev, struct udev_device *dev) } snprintf(filename, sizeof(filename), "/run/udev/watch/%d", wd); - mkdir_parents(filename, 0755); + mkdir_parents_label(filename, 0755); unlink(filename); symlink(udev_device_get_id_filename(dev), filename); diff --git a/src/udev/udevd.c b/src/udev/udevd.c index f6707a5cc..131d12d1b 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -850,7 +850,7 @@ static void static_dev_create_from_modules(struct udev *udev) continue; util_strscpyl(filename, sizeof(filename), "/dev/", devname, NULL); - mkdir_parents(filename, 0755); + mkdir_parents_label(filename, 0755); label_context_set(filename, mode); log_debug("mknod '%s' %c%u:%u\n", filename, type, maj, min); if (mknod(filename, mode, makedev(maj, min)) < 0 && errno == EEXIST) @@ -896,7 +896,7 @@ static int convert_db(struct udev *udev) return 0; /* make sure we do not get here again */ - mkdir_parents("/run/udev/data", 0755); + mkdir_parents_label("/run/udev/data", 0755); mkdir(filename, 0755); /* old database */ -- 2.30.2