selinux: create /run/systemd/userdb directory and sockets with default SELinux context 16925/head
authorChristian Göttsche <cgzones@googlemail.com>
Tue, 1 Sep 2020 13:49:44 +0000 (15:49 +0200)
committerChristian Göttsche <cgzones@googlemail.com>
Tue, 1 Sep 2020 14:26:12 +0000 (16:26 +0200)
src/core/core-varlink.c
src/shared/varlink.c

index 54f1cc7974c93e5f9aca81fb112440c09ddac425..5a586f1e59bc9ccddcd9c0e893a19bf54596de44 100644 (file)
@@ -291,7 +291,7 @@ int manager_varlink_init(Manager *m) {
                 return log_error_errno(r, "Failed to register varlink methods: %m");
 
         if (!MANAGER_IS_TEST_RUN(m)) {
-                (void) mkdir_p("/run/systemd/userdb", 0755);
+                (void) mkdir_p_label("/run/systemd/userdb", 0755);
 
                 r = varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.DynamicUser", 0666);
                 if (r < 0)
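Review bot: The result of `mkdir_p_label("/run/systemd/userdb", 0755)` is still cast to `(void)`, so a failure to create or label the directory only shows up indirectly when the following `varlink_server_listen_address()` call fails. The labelled variant can presumably fail for SELinux reasons that plain `mkdir_p()` could not, and on a permissive system a mislabelled directory would otherwise go unnoticed. I would keep the best-effort behaviour but record it: `r = mkdir_p_label("/run/systemd/userdb", 0755);` followed by `if (r < 0) log_warning_errno(r, "Failed to create /run/systemd/userdb, ignoring: %m");`. The body of manager_varlink_init() continues outside the hunk, so whether the listen error path already names the directory cannot be seen here.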
index e2b4bb623d16c4668769bd920ca4cf7ffc2327f3..419f533e9e23734779497860ad57cb22295cfc7f 100644 (file)
@@ -9,6 +9,7 @@
 #include "io-util.h"
 #include "list.h"
 #include "process-util.h"
+#include "selinux-util.h"
 #include "set.h"
 #include "socket-util.h"
 #include "string-table.h"
@@ -2243,9 +2244,11 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
 
         (void) sockaddr_un_unlink(&sockaddr.un);
 
-        RUN_WITH_UMASK(~m & 0777)
-                if (bind(fd, &sockaddr.sa, sockaddr_len) < 0)
-                        return -errno;
+        RUN_WITH_UMASK(~m & 0777) {
+                r = mac_selinux_bind(fd, &sockaddr.sa, sockaddr_len);
+                if (r < 0)
+                        return r;
+        }
 
         if (listen(fd, SOMAXCONN) < 0)
                 return -errno;
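Review bot: The new `mac_selinux_bind()` call deserves a short comment, because `varlink_server_listen_address()` lives in shared code and every varlink server now goes through it, not only the userdb sockets named in the commit title. Something like `/* Bind via the SELinux helper so the socket inode gets the label the file-context database assigns to its path */` would do. As far as I recall, the helper falls back to a plain bind() when the calling process has not loaded the label database with `mac_selinux_init()`. If that is right, the comment should also say that callers wanting labelled sockets must initialise it first. The function starts and ends outside the hunk, so the declaration of `r` and the cleanup of `fd` on the early `return r` are not visible here.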