diff options
author | Rob Landley <rob@landley.net> | 2015-06-15 15:17:56 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2015-06-15 15:17:56 -0500 |
commit | 34434df7c1b919f658ee2db75358adbe5647bd76 (patch) | |
tree | 47483b935a84e71459f1b71b53b6c7df95ffd1fe | |
parent | e2882b47f9ccc7342871cbf70dadadd9afac0c8c (diff) | |
download | toybox-34434df7c1b919f658ee2db75358adbe5647bd76.tar.gz |
Use lsm_set_create() to set security blanket context before mknod, avoiding
racy gap between create/label.
-rw-r--r-- | toys/lsb/mknod.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/toys/lsb/mknod.c b/toys/lsb/mknod.c index 0fec5a25..d6cd65ce 100644 --- a/toys/lsb/mknod.c +++ b/toys/lsb/mknod.c @@ -50,13 +50,9 @@ void mknod_main(void) minor = atoi(toys.optargs[3]); } - if (mknod(toys.optargs[0], mode | modes[type], makedev(major, minor))) { - perror_exit("mknod %s failed", toys.optargs[0]); - } - else if (CFG_MKNOD_Z && (toys.optflags & FLAG_Z)) { - if (lsm_set_context(toys.optargs[0], TT.arg_context) < 0) { - unlink(toys.optargs[0]); - error_msg("'%s': bad -Z '%s'", toys.optargs[0], TT.arg_context); - } - } + if (toys.optflags & FLAG_Z) + if (-1 == lsm_set_create(TT.arg_context)) + error_exit("bad -Z '%s'", TT.arg_context); + if (mknod(*toys.optargs, mode|modes[type], makedev(major, minor))) + perror_exit("%s", *toys.optargs); } |