<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - udev 198 labels files in /dev incorrectly on boot"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=62615">62615</a>
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>systemd-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>udev 198 labels files in /dev incorrectly on boot
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>systemd-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>amade@asmblr.net
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>general
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>systemd
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=76878" name="attach_76878" title="output of diff a b">attachment 76878</a></span>
output of diff a b

udev 198 doesn't label files in /dev correctly; some of them have the correct
context while some do not.

ls -Z /dev > a
restorecon -R /dev
ls -Z /dev > b
diff a b

diff shows that a lot of files have the wrong context


It seems to be caused by this commit:
<a href="http://cgit.freedesktop.org/systemd/systemd/commit/?id=22582bb2cbe85b40de5f561589e0468dac769515">http://cgit.freedesktop.org/systemd/systemd/commit/?id=22582bb2cbe85b40de5f561589e0468dac769515</a>
in particular by two lines from it:
- if (strcmp(udev_device_get_action(dev), "add") == 0) {
+ if (apply) {
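
Review bot: on the "+ if (apply) {" line, the condition no longer looks at the
event action, so a node created by an "add" event for which no rule set owner,
group or mode skips this block entirely. If the label fix lives inside the
block, keep that step gated on the "add" action or move it outside the apply
check.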

After replacing apply with strcmp, all files are labeled correctly again.

apply is passed via function calls, with the initial call in src/udev/udev-event.c
in function udev_event_execute_rules:

udev_node_add(dev, event->owner_set || event->group_set || event->mode_set,
  event->mode, event->uid, event->gid);

event->owner_set || event->group_set || event->mode_set evaluates to the value
of apply.

"udev_node_add" then calls "node_permissions_apply", passing apply, which has
the "if (apply) {" check.

Reproducible: Always

( <a href="https://bugs.gentoo.org/show_bug.cgi?id=462538">https://bugs.gentoo.org/show_bug.cgi?id=462538</a> )</pre>
        </div>
      </p>
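      <p>Added example, not part of the original report and not systemd code: a simplified C model of the two gate conditions the report compares, run over constructed events. It assumes, as the report implies, that the relabel step sits inside the gated block; the struct, sample events and function names are hypothetical.</p>

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified udev event; flag names follow the report, the struct is constructed. */
struct event {
    const char *devnode, *action;
    bool owner_set, group_set, mode_set;
    bool labeled; /* true when the gated block ran (assumed to hold the relabel step) */
};

/* Gate before the commit: the block runs for every "add" event. */
static void process_before(struct event *e) {
    e->labeled = strcmp(e->action, "add") == 0;
}

/* Gate after the commit: the block runs only if a rule set owner, group or mode. */
static void process_after(struct event *e) {
    e->labeled = e->owner_set || e->group_set || e->mode_set;
}

/* Constructed events, not captured from a real boot. */
static struct event sample[] = {
    { "/dev/sda",   "add",    false, true,  true,  false },
    { "/dev/loop0", "add",    false, false, false, false },
    { "/dev/ptmx",  "add",    false, false, false, false },
    { "/dev/sr0",   "change", false, true,  false, false },
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Count "add" nodes that the given gate leaves without the relabel step. */
static size_t unlabeled_adds(struct event *ev, size_t n, void (*process)(struct event *)) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        process(&ev[i]);
        if (strcmp(ev[i].action, "add") == 0 && !ev[i].labeled) {
            printf("unlabeled after add: %s\n", ev[i].devnode);
            bad++;
        }
    }
    return bad;
}

int main(void) {
    printf("before: %zu\n", unlabeled_adds(sample, N_SAMPLE, process_before));
    printf("after:  %zu\n", unlabeled_adds(sample, N_SAMPLE, process_after));
    return 0;
}
```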
    </body>
</html>