mknod: SELinux context applied after creation with broken cleanup

[sylvestre]

Component

mknod

Description

uutils creates the node first, then attempts to set SELinux context. On failure, cleanup uses std::fs::remove_dir, which cannot remove device nodes or FIFOs. GNU sets the file creation context via setfscreatecon before calling mknod, so the node is created with the correct label atomically or not created at all.

// src/uu/mknod/src/mknod.rs:80-105
let errno = libc::mknod(c_str.as_ptr(), config.mode, config.dev);

#[cfg(feature = "selinux")]
if config.set_selinux_context {
    if let Err(e) = uucore::selinux::set_selinux_security_context(
        std::path::Path::new(file_name),
        config.context,
    ) {
        let _ = std::fs::remove_dir(file_name);  // <- wrong function for device nodes
        eprintln!("{}: {}", uucore::util_name(), e);
        return 1;
    }
}

Test / Reproduction Steps

mknod --context=invalid_context_t /tmp/testnode c 1 3
ls -Z /tmp/testnode

Impact

On SELinux-enforcing systems, the node is created with incorrect default context. The command reports failure but leaves a mislabeled device node behind, potentially allowing unintended access.

[ChiamakaUI]

Hi! I’d like to work on this issue if no one else is currently working on it.

[ChiamakaUI]

Hi! I’ve opened a PR to fix this by correcting the cleanup logic when SELinux context setting fails. Please let me know if there’s anything I should adjust. This is the link to the PR - #10582