From 48a849ee17fb25e0001bfcc0f28a4aa633d016a1 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Fri, 04 Jan 2013 15:15:46 +0000
Subject: udev: set device node permissions only at "add" events
---
diff --git a/TODO b/TODO
index 8ebb951..35d96ec 100644
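--- a/TODO
+++ b/TODO
@@ -29,8 +29,6 @@ Features:
 
 * exec: when deinitializating a tty device fix the perms and group, too, not only when initializing. Set access mode/gid to 0620/tty.
 
-* udev: only reset mode/gid of /dev/tty1 and friends on ACTION=add, not ACTION=changed
-
 * DeviceAllow/DeviceDeny: disallow everything by default, but whitelist /dev/zero, /dev/null and friends
 
 * service: watchdog logic: for testing purposes allow ping, but do not require pong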
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 7774303..1e378ad 100644
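--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -279,22 +279,23 @@ static int node_fixup(struct udev_device *dev, mode_t mode, uid_t uid, gid_t gid
 goto out;
 }
 
- if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
- log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
- chmod(devnode, mode);
- chown(devnode, uid, gid);
- } else {
- log_debug("preserve permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
- }
-
 /*
- * Set initial selinux file context only on add events.
- * We set the proper context on bootup (triger) or for newly
- * added devices, but we don't change it later, in case
- * something else has set a custom context in the meantime.
+ * Set permissions and selinux file context only on add events. We always
+ * set it on bootup (coldplug) with "trigger --action=add" for all devices
+ * and for any newly added devices (hotplug). We don't want to change it
+ * later, in case something else has applied custom settings in the meantime.
 */
- if (strcmp(udev_device_get_action(dev), "add") == 0)
- label_fix(devnode, true, false);
+ if (strcmp(udev_device_get_action(dev), "add") == 0) {
+ if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
+ log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
+ chmod(devnode, mode);
+ chown(devnode, uid, gid);
+ } else {
+ log_debug("preserve permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
+ }
+
+ label_fix(devnode, true, false);
+ }
 
 /* always update timestamp when we re-use the node, like on media change events */
 utimensat(AT_FDCWD, devnode, NULL, 0);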
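Review bot: The `chmod(devnode, mode)` and `chown(devnode, uid, gid)` calls inside the new `"add"` branch still discard their return values, and because permissions are now applied only on add events, nothing visible here re-applies them later if either call fails; the node would keep its previous mode and owner while the debug log says `set permissions`. I would check both calls, for example `if (chmod(devnode, mode) < 0) log_error("chmod %s failed: %m\n", devnode);` and the same for `chown`. The branch also passes `udev_device_get_action(dev)` straight to `strcmp`, which is undefined behaviour if the action can be NULL at this point; that predates this commit, but the test now gates the permission setup as well as the label fix, so a NULL guard is worth considering. `node_fixup` starts and ends outside the hunk, so how `stats` is filled and what the `out:` path does cannot be judged from here.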
--
cgit v0.9.0.2-2-gbebe