aboutsummaryrefslogtreecommitdiff
path: root/toys
diff options
context:
space:
mode:
authorRob Landley <rob@landley.net>2015-06-15 15:17:56 -0500
committerRob Landley <rob@landley.net>2015-06-15 15:17:56 -0500
commit34434df7c1b919f658ee2db75358adbe5647bd76 (patch)
tree47483b935a84e71459f1b71b53b6c7df95ffd1fe /toys
parente2882b47f9ccc7342871cbf70dadadd9afac0c8c (diff)
downloadtoybox-34434df7c1b919f658ee2db75358adbe5647bd76.tar.gz
Use lsm_set_create() to set security blanket context before mknod, avoiding
racy gap between create/label.
Diffstat (limited to 'toys')
-rw-r--r--toys/lsb/mknod.c14
1 files changed, 5 insertions, 9 deletions
diff --git a/toys/lsb/mknod.c b/toys/lsb/mknod.c
index 0fec5a25..d6cd65ce 100644
--- a/toys/lsb/mknod.c
+++ b/toys/lsb/mknod.c
@@ -50,13 +50,9 @@ void mknod_main(void)
minor = atoi(toys.optargs[3]);
}
- if (mknod(toys.optargs[0], mode | modes[type], makedev(major, minor))) {
- perror_exit("mknod %s failed", toys.optargs[0]);
- }
- else if (CFG_MKNOD_Z && (toys.optflags & FLAG_Z)) {
- if (lsm_set_context(toys.optargs[0], TT.arg_context) < 0) {
- unlink(toys.optargs[0]);
- error_msg("'%s': bad -Z '%s'", toys.optargs[0], TT.arg_context);
- }
- }
+ if (toys.optflags & FLAG_Z)
+ if (-1 == lsm_set_create(TT.arg_context))
+ error_exit("bad -Z '%s'", TT.arg_context);
+ if (mknod(*toys.optargs, mode|modes[type], makedev(major, minor)))
+ perror_exit("%s", *toys.optargs);
}