core: do not prepare a SELinux context for dummy files for devicenode bind-mounting

Let systemd create the dummy file where a device node will be mounted on with the default label for the parent directory (e.g. /tmp/namespace-dev-yTMwAe/dev/).

Fixes: #13762

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 77854058304120c5ae617397a9dab6eb3eac4881..07c9ac2b515c8c0b62868b43711238515bd1994f 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -629,10 +629,9 @@ static int clone_device_node(
         }
 
         /* We're about to fallback to bind-mounting the device
-         * node. So create a dummy bind-mount target. */
-        mac_selinux_create_file_prepare(d, 0);
+         * node. So create a dummy bind-mount target.
+         * Do not prepare device-node SELinux label (see issue 13762) */
         r = mknod(dn, S_IFREG, 0);
-        mac_selinux_create_file_clear();
         if (r < 0 && errno != EEXIST)
                 return log_debug_errno(errno, "mknod() fallback failed for '%s': %m", d);