[systemd-devel] [PATCH 2/2] udev: do NOT re-label smack

Lennart Poettering lennart at poettering.net
Tue Aug 26 12:54:27 PDT 2014


On Tue, 26.08.14 21:52, Lennart Poettering (lennart at poettering.net) wrote:

> 
> On Thu, 21.08.14 12:58, WaLyong Cho (walyong.cho at samsung.com) wrote:
> 
> > If selinux is disabled and smack is only enabled, smack label is
> > relabeled by label_fix. To avoid, make only be labeled for selinux.
> > ---
> >  src/udev/udev-node.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
> > index 6a9788b..00ade2c 100644
> > --- a/src/udev/udev-node.c
> > +++ b/src/udev/udev-node.c
> > @@ -314,8 +314,8 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
> >                  }
> >  
> >                  /* set the defaults */
> > -                if (!selinux)
> > -                        label_fix(devnode, true, false);
> > +                if (!selinux && use_selinux())
> > +                        mac_selinux_fix(devnode, true, false);
> 
> Shouldn't mac_selinux_fix() simply become a NOP returning ENOTSUP if
> selinux is disabled? Then, we can just invoke it here always, with no ill
> effects...

Or actually, it shouldn't even return ENOTSUP, but simply 0... that's at
least how the rest of the selinux code currently appears to work if
selinux is off...
> 
> >                  if (!smack)
> >                          mac_smack_path(devnode, NULL);
> >          }
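
Review bot: In node_permissions_apply(), the new `!selinux && use_selinux()` condition puts the "is SELinux enabled" decision at the call site, while the adjacent `if (!smack) mac_smack_path(devnode, NULL);` carries no such guard. Keeping the condition as `if (!selinux)` and letting mac_selinux_fix() return early when SELinux is off would keep the two default-label branches symmetric and avoid repeating the guard at any other call site. Separately, the return value of `mac_selinux_fix(devnode, true, false)` is discarded, as it was for label_fix(), so a failed relabel of the device node passes silently; checking it and logging the failure would make a mislabeled node visible.
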
> 
> 
> Lennart
> 


Lennart

-- 
Lennart Poettering, Red Hat

