Re: [systemd-devel] [PATCH 2/2] udev: do NOT re-label smack

Lennart Poettering Tue, 26 Aug 2014 12:54:43 -0700

On Tue, 26.08.14 21:52, Lennart Poettering ([email protected]) wrote:

> 
> On Thu, 21.08.14 12:58, WaLyong Cho ([email protected]) wrote:
> 
> > If selinux is disabled and smack is only enabled, smack label is
> > relable-ed by label_fix. To avoid, make only be labeled for selinux.
> > ---
> >  src/udev/udev-node.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
> > index 6a9788b..00ade2c 100644
> > --- a/src/udev/udev-node.c
> > +++ b/src/udev/udev-node.c
> > @@ -314,8 +314,8 @@ static int node_permissions_apply(struct udev_device 
> > *dev, bool apply,
> >                  }
> >  
> >                  /* set the defaults */
> > -                if (!selinux)
> > -                        label_fix(devnode, true, false);
> > +                if (!selinux && use_selinux())
> > +                        mac_selinux_fix(devnode, true, false);
> 
> Shouldn't mac_selinux_fix() simply become a NOP returning ENOTSUP if
> selinux is disabled? Then, we can just invoke it here always, with no ill
> effects...


Or actually, it shouldn't even return ENOTSUP, but simply 0... that's at
least how the rest of the selinux code currently appears to work if
selinux is off...
> 
> >                  if (!smack)
> >                          mac_smack_path(devnode, NULL);
> >          }
> 
> 
> Lennart
> 


Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 2/2] udev: do NOT re-label smack

Reply via email to