From: Christian Göttsche <cgzones@googlemail.com>
Date: Tue, 4 Feb 2020 17:07:07 +0000 (+0100)
Subject: core: do not prepare a SELinux context for dummy files for devicenode bind-mounting
X-Git-Tag: v245-rc2~84
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1acf344dfa28a4941083b699ed65da65ee3b40e8;p=thirdparty%2Fsystemd.git

core: do not prepare a SELinux context for dummy files for devicenode bind-mounting

Let systemd create the dummy file where a device node will be mounted on with the default label for the parent directory (e.g. /tmp/namespace-dev-yTMwAe/dev/).

Fixes: #13762
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 77854058304..07c9ac2b515 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -629,10 +629,9 @@ static int clone_device_node(
         }
 
         /* We're about to fallback to bind-mounting the device
-         * node. So create a dummy bind-mount target. */
-        mac_selinux_create_file_prepare(d, 0);
+         * node. So create a dummy bind-mount target.
+         * Do not prepare device-node SELinux label (see issue 13762) */
         r = mknod(dn, S_IFREG, 0);
-        mac_selinux_create_file_clear();
         if (r < 0 && errno != EEXIST)
                 return log_debug_errno(errno, "mknod() fallback failed for '%s': %m", d);