From 2d66e6a23822a500ecf6610411941e99127129c8 Mon Sep 17 00:00:00 2001
From: Rob Landley <rob@landley.net>
Date: Thu, 28 May 2015 01:43:47 -0500
Subject: Attempt to fix the mkdir LSM race.

Doing a world writeable mkdir and _then_ adding a label seems like a race
window, so set the global "create stuff with these labels" context, then
do the creates.
---
 toys/posix/mkdir.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'toys/posix/mkdir.c')

diff --git a/toys/posix/mkdir.c b/toys/posix/mkdir.c
index 6e95e541..438e38ea 100644
--- a/toys/posix/mkdir.c
+++ b/toys/posix/mkdir.c
@@ -41,19 +41,15 @@ void mkdir_main(void)
   char **s;
   mode_t mode = (0777&~toys.old_umask);
 
+  if (CFG_MKDIR_Z && (toys.optflags&FLAG_Z))
+    if (0>lsm_set_create(TT.arg_context))
+      error_exit("bad -Z '%s'", TT.arg_context);
 
   if (TT.arg_mode) mode = string_to_mode(TT.arg_mode, 0777);
 
   // Note, -p and -v flags line up with mkpathat() flags
-
   for (s=toys.optargs; *s; s++) {
     if (mkpathat(AT_FDCWD, *s, mode, toys.optflags|1))
       perror_msg("'%s'", *s);
-    else if (CFG_MKDIR_Z && (toys.optflags & FLAG_Z)) {
-      if (lsm_set_context(*s, TT.arg_context)) {
-        rmdir(*s);
-        error_msg("'%s': bad -Z '%s'", *s, TT.arg_context);
-      }
-    }
   }
 }
-- 
cgit v1.2.3