From: Christian Göttsche <cgzones@googlemail.com>
Date: Tue, 1 Sep 2020 13:49:44 +0000 (+0200)
Subject: selinux: create /run/systemd/userdb directory and sockets with default SELinux context
X-Git-Tag: v247-rc1~317^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F16925%2Fhead;p=thirdparty%2Fsystemd.git

selinux: create /run/systemd/userdb directory and sockets with default SELinux context
---

diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c
index 54f1cc7974c..5a586f1e59b 100644
--- a/src/core/core-varlink.c
+++ b/src/core/core-varlink.c
@@ -291,7 +291,7 @@ int manager_varlink_init(Manager *m) {
                 return log_error_errno(r, "Failed to register varlink methods: %m");
 
         if (!MANAGER_IS_TEST_RUN(m)) {
-                (void) mkdir_p("/run/systemd/userdb", 0755);
+                (void) mkdir_p_label("/run/systemd/userdb", 0755);
 
                 r = varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.DynamicUser", 0666);
                 if (r < 0)
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index e2b4bb623d1..419f533e9e2 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -9,6 +9,7 @@
 #include "io-util.h"
 #include "list.h"
 #include "process-util.h"
+#include "selinux-util.h"
 #include "set.h"
 #include "socket-util.h"
 #include "string-table.h"
@@ -2243,9 +2244,11 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
 
         (void) sockaddr_un_unlink(&sockaddr.un);
 
-        RUN_WITH_UMASK(~m & 0777)
-                if (bind(fd, &sockaddr.sa, sockaddr_len) < 0)
-                        return -errno;
+        RUN_WITH_UMASK(~m & 0777) {
+                r = mac_selinux_bind(fd, &sockaddr.sa, sockaddr_len);
+                if (r < 0)
+                        return r;
+        }
 
         if (listen(fd, SOMAXCONN) < 0)
                 return -errno;