mknod: SELinux context applied after creation with broken cleanup

[sylvestre]

Component

mknod

Description

uutils creates the node first, then attempts to set SELinux context. On failure, cleanup uses std::fs::remove_dir, which cannot remove device nodes or FIFOs. GNU sets the file creation context via setfscreatecon before calling mknod, so the node is created with the correct label atomically or not created at all.

// src/uu/mknod/src/mknod.rs:80-105
let errno = libc::mknod(c_str.as_ptr(), config.mode, config.dev);

#[cfg(feature = "selinux")]
if config.set_selinux_context {
    if let Err(e) = uucore::selinux::set_selinux_security_context(
        std::path::Path::new(file_name),
        config.context,
    ) {
        let _ = std::fs::remove_dir(file_name);  // <- wrong function for device nodes
        eprintln!("{}: {}", uucore::util_name(), e);
        return 1;
    }
}

Test / Reproduction Steps

mknod --context=invalid_context_t /tmp/testnode c 1 3
ls -Z /tmp/testnode

Impact

On SELinux-enforcing systems, the node is created with incorrect default context. The command reports failure but leaves a mislabeled device node behind, potentially allowing unintended access.