On 01/19/2014 11:23 AM, Amadeusz Sławiński wrote:
A better patch would be to use setfscreatecon(scontext) before the mknod.
And setfscreatecon(NULL) after.
Pseudo code:

#if ENABLE_SELINUX
	security_context_t scontext = NULL;
	char *node_path = xasprintf("/dev/%s", node_name);
	/* Look up the default context for the node and set it as the
	 * creation context so that mknod() creates it already labeled. */
	if (matchpathcon(node_path, rule->mode | type, &scontext) == 0) {
		setfscreatecon(scontext);
		freecon(scontext);
	}
	free(node_path);
#endif
	if (mknod(node_name, rule->mode | type, makedev(major, minor)) && errno != EEXIST)
		bb_perror_msg("can't create '%s'", node_name);
#if ENABLE_SELINUX
	/* Reset the creation context to the policy default. */
	setfscreatecon(NULL);
#endif

That way you eliminate a potential race condition where the node is
temporarily mislabeled.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox