selinux: create /run/systemd/userdb directory and sockets with default SELinux context

2025-02-21 05:57:34 +03:00 · 2020-09-01 15:49:44 +02:00 · 2020-09-01 15:49:44 +02:00 · 63e00ccd8e
commit 63e00ccd8e
parent 45ae2f725e
2 changed files with 7 additions and 4 deletions
--- a/src/core/core-varlink.c
+++ b/src/core/core-varlink.c
@ -291,7 +291,7 @@ int manager_varlink_init(Manager *m) {
                return log_error_errno(r, "Failed to register varlink methods: %m");

        if (!MANAGER_IS_TEST_RUN(m)) {
-                (void) mkdir_p("/run/systemd/userdb", 0755);
+                (void) mkdir_p_label("/run/systemd/userdb", 0755);

                r = varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.DynamicUser", 0666);
                if (r < 0)
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@ -9,6 +9,7 @@
 #include "io-util.h"
 #include "list.h"
 #include "process-util.h"
+#include "selinux-util.h"
 #include "set.h"
 #include "socket-util.h"
 #include "string-table.h"
@ -2243,9 +2244,11 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t

        (void) sockaddr_un_unlink(&sockaddr.un);

-        RUN_WITH_UMASK(~m & 0777)
-                if (bind(fd, &sockaddr.sa, sockaddr_len) < 0)
-                        return -errno;
+        RUN_WITH_UMASK(~m & 0777) {
+                r = mac_selinux_bind(fd, &sockaddr.sa, sockaddr_len);
+                if (r < 0)
+                        return r;
+        }

        if (listen(fd, SOMAXCONN) < 0)
                return -errno;