shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-20 18:04:03 +03:00
Code

shared: create inaccessible files with correct security label

Browse Source
This commit is contained in:
Christian Göttsche 2024-04-27 21:23:11 +02:00
parent 4be62f821c
commit b9a05e860c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/dev-setup.c
View File

@ -110,7 +110,7 @@ int make_inaccessible_nodes(
if (parent_fd < 0)
return -errno;
inaccessible_fd = open_mkdir_at(parent_fd, "inaccessible", O_CLOEXEC, 0755);
inaccessible_fd = open_mkdir_at_full(parent_fd, "inaccessible", O_CLOEXEC, XO_LABEL, 0755);
if (inaccessible_fd < 0)
return inaccessible_fd;
@ -132,7 +132,7 @@ int make_inaccessible_nodes(
if (S_ISDIR(inode_type))
r = mkdirat_label(inaccessible_fd, fn, 0000);
else
r = RET_NERRNO(mknodat(inaccessible_fd, fn, inode_type | 0000, makedev(0, 0)));
r = mknodat_label(inaccessible_fd, fn, inode_type | 0000, makedev(0, 0));
if (r == -EEXIST) {
if (fchmodat(inaccessible_fd, fn, 0000, AT_SYMLINK_NOFOLLOW) < 0)
log_debug_errno(errno, "Failed to adjust access mode of existing inode '%s', ignoring: %m", path);