Skip to content

mknod: fix SELinux cleanup when context setting fails #10582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ChiamakaUI wants to merge 2 commits into
base: main
Choose a base branch
from
Open

mknod: fix SELinux cleanup when context setting fails #10582

ChiamakaUI wants to merge 2 commits into from
+19 −1

Conversation

@ChiamakaUI
Copy link

@ChiamakaUI ChiamakaUI commented Jan 30, 2026
edited
Loading

Summary

Fixes SELinux cleanup logic in mknod when setting the security context fails.

Previously, uutils attempted to clean up a partially created device node using std::fs::remove_dir, which does not work for device nodes or FIFOs. This could leave behind a mislabeled node on SELinux-enforcing systems.

Changes

  • Replaced std::fs::remove_dir with std::fs::remove_file for proper cleanup
  • Ensure failed SELinux context application does not leave artifacts behind

Test / Reproduction Steps

mknod --context=invalid_context_t /tmp/testnode c 1 3
ls -Z /tmp/testnode

@ChiamakaUI ChiamakaUI mentioned this pull request Jan 30, 2026
Open
@github-actions
Copy link

github-actions bot commented Jan 30, 2026

GNU testsuite comparison:

Skipping an intermittent issue tests/shuf/shuf-reservoir (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/sort/sort-stale-thread-mem (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/tail/inotify-dir-recreate (passes in this run but fails in the 'main' branch)
Congrats! The gnu test tests/basenc/bounded-memory is now passing!

@cakebaker cakebaker linked an issue Jan 30, 2026 that may be closed by this pull request
mknod: SELinux context applied after creation with broken cleanup #10326
Open
@ChiamakaUI
Copy link
Author

ChiamakaUI commented Jan 30, 2026

It looks like CI failed in an unrelated dd test (test_bytes_oseek_bytes_oflag). My changes are limited to mknod SELinux cleanup logic and do not affect dd or shared code.

Happy to rebase or rerun CI if needed.

@ChrisDryden
Copy link
Collaborator

ChrisDryden commented Jan 31, 2026
edited
Loading

Can you make a regression test for this in test_mknod.rs?

@ChrisDryden
Copy link
Collaborator

ChrisDryden commented Jan 31, 2026

test_selinux_invalid in tests/by-util/test_mkdir.rs is almost identical

You can use arg("p") for FIFO and at.file_exists() instead of at.dir_exists()

@github-actions
Copy link

github-actions bot commented Jan 31, 2026

GNU testsuite comparison:

Skipping an intermittent issue tests/shuf/shuf-reservoir (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/sort/sort-stale-thread-mem (passes in this run but fails in the 'main' branch)

@ChrisDryden
Copy link
Collaborator

ChrisDryden commented Jan 31, 2026

can you run cargo fmt?

@ChiamakaUI
Copy link
Author

ChiamakaUI commented Jan 31, 2026

can you run cargo fmt?

I ran cargo fmt and cargo fmt --check locally — both complete successfully with no changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

mknod: SELinux context applied after creation with broken cleanup

2 participants

@ChiamakaUI @ChrisDryden