selinux: create standard user-runtime nodes with default context
authorChristian Göttsche <cgzones@googlemail.com>
Fri, 10 Jul 2020 19:48:02 +0000 (21:48 +0200)
committerChristian Göttsche <cgzones@googlemail.com>
Fri, 10 Jul 2020 19:55:13 +0000 (21:55 +0200)
Currently systemd-user-runtime-dir does not create the files in
/run/user/$UID/systemd/inaccessible with the default SELinux label.
The user and role part of these labels should be based on the user
related to $UID and not based on the process context of
systemd-user-runtime-dir.

Since v246-rc1 (9664be199af6) /run/user/$UID/systemd is also created by
systemd-user-runtime-dir and should also be created with the default
SELinux context.

src/shared/dev-setup.c

index 6a280cde016341b95996f4eda2166b79e790527b..7641909c1b2c9d29b337e0633dde19a215d9cc03 100644 (file)
@@ -103,9 +103,9 @@ int make_inaccessible_nodes(
                         return log_oom();
 
                 if (S_ISDIR(table[i].mode))
-                        r = mkdir(path, table[i].mode & 07777);
+                        r = mkdir_label(path, table[i].mode & 07777);
                 else
-                        r = mknod(path, table[i].mode, makedev(0, 0));
+                        r = mknod_label(path, table[i].mode, makedev(0, 0));
                 if (r < 0) {
                         if (errno != EEXIST)
                                 log_debug_errno(errno, "Failed to create '%s', ignoring: %m", path);
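Review bot: The error path after the two changed calls still reads `errno`, but `mkdir_label()` and `mknod_label()` appear to follow systemd's convention of reporting failure as a negative errno in the return value. The SELinux create-context setup and cleanup those helpers do around the underlying syscall can leave `errno` holding an unrelated value. The `errno != EEXIST` test can then misfire, and a labelling failure can be logged with the wrong reason, which hides why nodes under /run/user/$UID ended up with an unexpected context. I would change the check to `if (r != -EEXIST)` and the log call to `log_debug_errno(r, "Failed to create '%s', ignoring: %m", path);`. The body of make_inaccessible_nodes() starts and ends outside this hunk, so the rest of its error handling is not visible here.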