[systemd-devel] [PATCH 3/3] udev: do NOT re-label smack

WaLyong Cho walyong.cho at gmail.com
Thu Oct 23 21:43:52 PDT 2014


On 10/23/2014 06:13 AM, Lennart Poettering wrote:
> On Thu, 16.10.14 16:59, WaLyong Cho (walyong.cho at samsung.com) wrote:
> 
>> If selinux is disabled and smack is only enabled, smack label is
>> relable-ed by label_fix. To avoid, make only be labeled for selinux.
>> ---
>>  src/udev/udev-node.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
>> index 9796672..6dd4e74 100644
>> --- a/src/udev/udev-node.c
>> +++ b/src/udev/udev-node.c
>> @@ -317,8 +317,8 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
>>                  }
>>  
>>                  /* set the defaults */
>> -                if (!selinux)
>> -                        label_fix(devnode, true, false);
>> +                if (!selinux && use_selinux())
>> +                        mac_selinux_fix(devnode, true, false);
> 
> Hmm, but doesn't mac_selinux_fix() check for use_selinux() internally
> anyway? Checking this outside sounds redundant, no?
> 
No, mac_selinux_fix() has no mac_selinux_use(). I will add
mac_selinux_use() to mac_selinux_fix().

WaLyong

> Lennart
> 


More information about the systemd-devel mailing list