From 34434df7c1b919f658ee2db75358adbe5647bd76 Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Mon, 15 Jun 2015 15:17:56 -0500
Subject: Use lsm_set_create() to set security blanket context before mknod, avoiding racy gap between create/label.
---
 toys/lsb/mknod.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/toys/lsb/mknod.c b/toys/lsb/mknod.c
index 0fec5a25..d6cd65ce 100644
--- a/toys/lsb/mknod.c
+++ b/toys/lsb/mknod.c
@@ -50,13 +50,9 @@ void mknod_main(void)
 minor = atoi(toys.optargs[3]);
 }
- if (mknod(toys.optargs[0], mode | modes[type], makedev(major, minor))) {
- perror_exit("mknod %s failed", toys.optargs[0]);
- }
- else if (CFG_MKNOD_Z && (toys.optflags & FLAG_Z)) {
- if (lsm_set_context(toys.optargs[0], TT.arg_context) < 0) {
- unlink(toys.optargs[0]);
- error_msg("'%s': bad -Z '%s'", toys.optargs[0], TT.arg_context);
- }
- }
+ if (toys.optflags & FLAG_Z)
+ if (-1 == lsm_set_create(TT.arg_context))
+ error_exit("bad -Z '%s'", TT.arg_context);
+ if (mknod(*toys.optargs, mode|modes[type], makedev(major, minor)))
+ perror_exit("%s", *toys.optargs);
 }
-- cgit v1.2.3
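Review bot: The new `-Z` failure path, `error_exit("bad -Z '%s'", TT.arg_context);`, reports every `lsm_set_create()` failure as a bad context string and drops errno, so a missing privilege or an absent LSM cannot be told apart from a malformed label. Assuming `lsm_set_create()` leaves errno set on failure, `perror_exit("-Z '%s'", TT.arg_context);` would keep the cause visible, matching the `perror_exit` used for `mknod()` two lines below. The rewrite also drops the `CFG_MKNOD_Z &&` term the removed branch had, which is harmless only if `FLAG_Z` is defined as 0 when the option is configured out; this hunk does not show that. `lsm_set_create()` is defined outside this diff, and if the creation context it sets persists in the process, it stays in effect after `mknod()` returns, which would be worth a comment at the call. `mknod_main` starts above the hunk.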