[PATCH] mdev - add SELinux support

Daniel J Walsh dwalsh at redhat.com
Mon Jan 20 17:23:17 UTC 2014


On 01/20/2014 10:56 AM, Amadeusz Sławiński wrote:
> On Mon, 20 Jan 2014 09:43:24 -0500 Daniel J Walsh <dwalsh at redhat.com>
> wrote:
> 
> On 01/19/2014 11:23 AM, Amadeusz Sławiński wrote:
> 
> A better patch would be to use setfscreatecon(scontext) before the mknod.
> And setfscreatecon(NULL) after.
> 
> 
> Pseudo code:
> 
> #if ENABLE_SELINUX
>         security_context_t scontext = NULL;
>         char *node_path = xasprintf("/dev/%s", node_name);
>         /* look up the policy's label for this path and file type */
>         if (matchpathcon(node_path, rule->mode | type, &scontext) == 0) {
>                 /* nodes created from here on get this label at creation */
>                 setfscreatecon(scontext);
>                 freecon(scontext);
>         }
>         free(node_path);
> #endif
>         if (mknod(node_name, rule->mode | type, makedev(major, minor)) && errno != EEXIST)
>                 bb_perror_msg("can't create '%s'", node_name);
> #if ENABLE_SELINUX
>         /* back to the default creation context */
>         setfscreatecon(NULL);
> #endif
> 
> That way you eliminate a potential race condition where the node is 
> temporarily mislabeled.
> 
> 
> 
> I don't mind doing it like this; in fact, the first version of this patch
> looked almost exactly the same.
> 
> My reasoning for doing it the other way is that some nodes (at least on 
> Gentoo - console, tty, tty1, null, kmsg) are created before and labels on
> those need to be fixed (one can of course edit his scripts and run 
> restorecon). Also it should work better this way with people using devtmpfs
> to mount/automount /dev, even though they later use mdev.
> 
No problem, as long as you have considered both ways that is fine.  If mdev
runs before other apps, the race condition might not be important.
> Amadeusz


