[systemd-devel] [PATCH 3/3] udev: do NOT re-label smack
Lennart Poettering
lennart at poettering.net
Wed Oct 22 14:13:46 PDT 2014
On Thu, 16.10.14 16:59, WaLyong Cho (walyong.cho at samsung.com) wrote:
> If selinux is disabled and smack is only enabled, smack label is
> relable-ed by label_fix. To avoid, make only be labeled for selinux.
> ---
> src/udev/udev-node.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
> index 9796672..6dd4e74 100644
> --- a/src/udev/udev-node.c
> +++ b/src/udev/udev-node.c
> @@ -317,8 +317,8 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
> }
>
> /* set the defaults */
> - if (!selinux)
> - label_fix(devnode, true, false);
> + if (!selinux && use_selinux())
> + mac_selinux_fix(devnode, true, false);
Hmm, but doesn't mac_selinux_fix() check for use_selinux() internally
anyway? Checking this outside sounds redundant, no?
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list