Commit d2e54fae authored by Kay Sievers's avatar Kay Sievers

mkdir: append _label to all mkdir() calls that explicitly set the selinux context

parent 051d6878
......@@ -499,7 +499,7 @@ static void automount_enter_waiting(Automount *a) {
}
/* We knowingly ignore the results of this call */
mkdir_p(a->where, 0555);
mkdir_p_label(a->where, 0555);
if (pipe2(p, O_NONBLOCK|O_CLOEXEC) < 0) {
r = -errno;
......@@ -588,7 +588,7 @@ static void automount_enter_runnning(Automount *a) {
return;
}
mkdir_p(a->where, a->directory_mode);
mkdir_p_label(a->where, a->directory_mode);
/* Before we do anything, let's see if somebody is playing games with us? */
if (lstat(a->where, &st) < 0) {
......
......@@ -1095,7 +1095,7 @@ static int bus_init_private(Manager *m) {
goto fail;
}
mkdir_parents(p+10, 0755);
mkdir_parents_label(p+10, 0755);
unlink(p+10);
m->private_bus = dbus_server_listen(p, &error);
free(p);
......
......@@ -2068,7 +2068,7 @@ static int create_generator_dir(Manager *m, char **generator, const char *name)
return -ENOMEM;
}
r = mkdir_p(p, 0755);
r = mkdir_p_label(p, 0755);
if (r < 0) {
log_error("Failed to create generator directory: %s", strerror(-r));
free(p);
......
......@@ -130,7 +130,7 @@ static int mount_one(const MountPoint *p, bool relabel) {
/* The access mode here doesn't really matter too much, since
* the mounted file system will take precedence anyway. */
mkdir_p(p->where, 0755);
mkdir_p_label(p->where, 0755);
log_debug("Mounting %s to %s of type %s with options %s.",
p->what,
......@@ -404,8 +404,8 @@ int mount_setup(bool loaded_policy) {
dev_setup();
/* Create a few directories we always want around */
label_mkdir("/run/systemd", 0755);
label_mkdir("/run/systemd/system", 0755);
mkdir_label("/run/systemd", 0755);
mkdir_label("/run/systemd/system", 0755);
return 0;
}
......@@ -915,12 +915,12 @@ static void mount_enter_mounting(Mount *m) {
m->control_command_id = MOUNT_EXEC_MOUNT;
m->control_command = m->exec_command + MOUNT_EXEC_MOUNT;
mkdir_p(m->where, m->directory_mode);
mkdir_p_label(m->where, m->directory_mode);
/* Create the source directory for bind-mounts if needed */
p = get_mount_parameters_fragment(m);
if (p && mount_is_bind(p))
mkdir_p(p->what, m->directory_mode);
mkdir_p_label(p->what, m->directory_mode);
if (m->from_fragment)
r = exec_command_set(
......
......@@ -215,7 +215,7 @@ static void path_spec_mkdir(PathSpec *s, mode_t mode) {
if (s->type == PATH_EXISTS || s->type == PATH_EXISTS_GLOB)
return;
if ((r = mkdir_p(s->path, mode)) < 0)
if ((r = mkdir_p_label(s->path, mode)) < 0)
log_warning("mkdir(%s) failed: %s", s->path, strerror(-r));
}
......
......@@ -238,7 +238,7 @@ static int prepare_new_root(void) {
}
NULSTR_FOREACH(dir, dirs)
if (mkdir_p(dir, 0755) < 0 && errno != EEXIST) {
if (mkdir_p_label(dir, 0755) < 0 && errno != EEXIST) {
log_error("Failed to mkdir %s: %m", dir);
return -errno;
}
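Review bot: The failure path after `mkdir_p_label(dir, 0755)` in prepare_new_root reads `errno`, whereas the other checked callers in this commit (create_generator_dir, path_spec_mkdir) treat the return value as a negative errno code and pass `-r` to strerror(). If the helper follows that convention, `errno` may be stale or overwritten by the time of the `!= EEXIST` test, the `%m` in log_error() and the `return -errno`, so a real failure could be reported with the wrong cause or skipped. Presumably a labelling helper also does extra work after the mkdir that could change `errno`, though that is not visible here. I would use the return value instead: `r = mkdir_p_label(dir, 0755);` followed by `if (r < 0 && r != -EEXIST) { log_error("Failed to mkdir %s: %s", dir, strerror(-r)); return r; }`. The function starts and ends outside the hunk, so confirm that an `r` is declared there.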
......
......@@ -761,7 +761,7 @@ static int fifo_address_create(
assert(path);
assert(_fd);
mkdir_parents(path, directory_mode);
mkdir_parents_label(path, directory_mode);
r = label_context_set(path, S_IFIFO);
if (r < 0)
......
......@@ -175,7 +175,7 @@ static int create_disk(
goto fail;
}
mkdir_parents(to, 0755);
mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
......@@ -193,7 +193,7 @@ static int create_disk(
goto fail;
}
mkdir_parents(to, 0755);
mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
......@@ -211,7 +211,7 @@ static int create_disk(
goto fail;
}
mkdir_parents(to, 0755);
mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
......
......@@ -151,7 +151,7 @@ static int add_swap(const char *what, struct mntent *me) {
goto finish;
}
mkdir_parents(lnk, 0755);
mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
......@@ -174,7 +174,7 @@ static int add_swap(const char *what, struct mntent *me) {
goto finish;
}
mkdir_parents(lnk, 0755);
mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
......@@ -326,7 +326,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
mkdir_parents(lnk, 0755);
mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
......@@ -352,7 +352,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
mkdir_parents(lnk, 0755);
mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to creat symlink: %m");
r = -errno;
......@@ -413,7 +413,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
mkdir_parents(lnk, 0755);
mkdir_parents_label(lnk, 0755);
if (symlink(automount_unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
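Review bot: The log message in the add_mount hunk at -352 reads `"Failed to creat symlink: %m"`, while every neighbouring hunk in this section uses `"Failed to create symlink: %m"`. Since the line sits in context this commit already touches, I would correct it to `log_error("Failed to create symlink: %m");` so the failure can be searched for under one string. In all five hunks the result of `mkdir_parents_label(lnk, 0755)` is dropped, so a failed directory creation only surfaces as the later symlink error. If that is intended, a `(void)` cast as used in system_journal_open would make it explicit.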
......
......@@ -47,7 +47,7 @@ static int add_symlink(const char *fservice, const char *tservice) {
goto finish;
}
mkdir_parents(to, 0755);
mkdir_parents_label(to, 0755);
r = symlink(from, to);
if (r < 0) {
......
......@@ -54,7 +54,7 @@ static int divert_coredump(void) {
log_info("Detected coredump of the journal daemon itself, diverting coredump to /var/lib/systemd/coredump/.");
mkdir_p("/var/lib/systemd/coredump", 0755);
mkdir_p_label("/var/lib/systemd/coredump", 0755);
f = fopen("/var/lib/systemd/coredump/core.systemd-journald", "we");
if (!f) {
......
......@@ -1973,7 +1973,7 @@ static int system_journal_open(Server *s) {
/* OK, we really need the runtime journal, so create
* it if necessary. */
(void) mkdir_parents(fn, 0755);
(void) mkdir_parents_label(fn, 0755);
r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, NULL, &s->runtime_journal);
free(fn);
......
......@@ -35,7 +35,7 @@ static void udev_device_tag(struct udev_device *dev, const char *tag, bool add)
if (add) {
int fd;
mkdir_parents(filename, 0755);
mkdir_parents_label(filename, 0755);
fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444);
if (fd >= 0)
close(fd);
......@@ -119,7 +119,7 @@ int udev_device_update_db(struct udev_device *udev_device)
/* write a database file */
util_strscpyl(filename_tmp, sizeof(filename_tmp), filename, ".tmp", NULL);
mkdir_parents(filename_tmp, 0755);
mkdir_parents_label(filename_tmp, 0755);
f = fopen(filename_tmp, "we");
if (f == NULL) {
udev_err(udev, "unable to create temporary db file '%s': %m\n", filename_tmp);
......
......@@ -591,7 +591,7 @@ static int write_data_x11(void) {
return 0;
}
mkdir_parents("/etc/X11/xorg.conf.d", 0755);
mkdir_parents_label("/etc/X11/xorg.conf.d", 0755);
r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
if (r < 0)
......
......@@ -874,7 +874,7 @@ static int attach_device(Manager *m, const char *seat, const char *sysfs) {
goto finish;
}
mkdir_p("/etc/udev/rules.d", 0755);
mkdir_p_label("/etc/udev/rules.d", 0755);
r = write_one_line_file_atomic(file, rule);
if (r < 0)
goto finish;
......@@ -1890,9 +1890,9 @@ static DBusHandlerResult manager_message_handler(
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
mkdir_p("/var/lib/systemd", 0755);
mkdir_p_label("/var/lib/systemd", 0755);
r = safe_mkdir("/var/lib/systemd/linger", 0755, 0, 0);
r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
......
......@@ -84,7 +84,7 @@ int inhibitor_save(Inhibitor *i) {
assert(i);
r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
if (r < 0)
goto finish;
......@@ -272,7 +272,7 @@ int inhibitor_create_fifo(Inhibitor *i) {
/* Create FIFO */
if (!i->fifo_path) {
r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
if (r < 0)
return r;
......
......@@ -91,7 +91,7 @@ int seat_save(Seat *s) {
if (!s->started)
return 0;
r = safe_mkdir("/run/systemd/seats", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
if (r < 0)
goto finish;
......
......@@ -116,7 +116,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
......@@ -816,7 +816,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
return r;
......
......@@ -98,7 +98,7 @@ int user_save(User *u) {
if (!u->started)
return 0;
r = safe_mkdir("/run/systemd/users", 0755, 0, 0);
r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
if (r < 0)
goto finish;
......@@ -250,7 +250,7 @@ static int user_mkdir_runtime_path(User *u) {
assert(u);
r = safe_mkdir("/run/user", 0755, 0, 0);
r = mkdir_safe_label("/run/user", 0755, 0, 0);
if (r < 0) {
log_error("Failed to create /run/user: %s", strerror(-r));
return r;
......@@ -266,7 +266,7 @@ static int user_mkdir_runtime_path(User *u) {
} else
p = u->runtime_path;
r = safe_mkdir(p, 0700, u->uid, u->gid);
r = mkdir_safe_label(p, 0700, u->uid, u->gid);
if (r < 0) {
log_error("Failed to create runtime directory %s: %s", p, strerror(-r));
free(p);
......