On 30/11/07 15:55, Christopher J. PeBenito wrote:
> On Fri, 2007-11-30 at 16:30 +0100, Václav Ovsík wrote:
>> On Fri, Nov 30, 2007 at 09:38:33AM -0500, Christopher J. PeBenito wrote:
>>>> Corresponding code is in udev_node.c, function node_symlink().
>>>> if (strcmp(target, buf) == 0) {
>>>> info("preserve already existing symlink '%s' to '%s'", slink,
>>>> target);
>>>> selinux_setfilecon(slink, NULL, S_IFLNK);
>>>> goto exit;
>>>> }
>>> I'll add the rule. Perhaps someone should send up a patch to remove the
>>> setfilecon, and update the info message.
>> Mean you to compare the context of symlink and no setfilecon if it is
>> ok?
>
> Yes. Unless there's a good reason to keep it as-is that I don't know
> about.
Well I'll send a patch to udev. Should it just be the below, or should udev
be relabelling symlinks if it finds that they exist but are wrongly
labelled? How do I test for equality of security contexts?
--- a/udev_node.c
+++ b/udev_node.c
@@ -146,7 +146,6 @@ static int node_symlink(const char *node, const char *slink)
buf[len] = '\0';
if (strcmp(target, buf) == 0) {
info("preserve already existing symlink '%s' to '%s'", slink, target);
- selinux_setfilecon(slink, NULL, S_IFLNK);
goto exit;
}
}
--
Martin Orr
Attachment:
signature.asc
Description: OpenPGP digital signature
