1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Intel Corporation
8 Author: Auke Kok <auke-jan.h.kok@intel.com>
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include <sys/xattr.h>
27 #include "path-util.h"
28 #include "smack-util.h"
/*
 * Reports whether Smack appears to be available, judged by whether
 * /sys/fs/smackfs/ can be accessed. The answer is kept in a function-local
 * static that starts at -1.
 *
 * NOTE(review): the gutter numbers skip (30, 32, 35), so the lines that
 * guard the probe and return the stored value are not shown in this listing.
 */
30 bool mac_smack_use(void) {
32 static int cached_use = -1;
/* F_OK tests only that the path exists. access() returns -1 on failure, so
 * the comparison stores 0 or 1. */
35 cached_use = access("/sys/fs/smackfs/", F_OK) >= 0;
/*
 * Sets the security.SMACK64 extended attribute on path to label, or removes
 * that attribute. Both visible statements return the libc call's result
 * directly (0 on success, -1 with errno set).
 *
 * NOTE(review): the condition that selects between the two returns is on
 * lines this listing omits (gutter jumps 44 -> 50 -> 52); presumably it
 * tests label for NULL -- confirm against the full source.
 */
44 int mac_smack_set_path(const char *path, const char *label) {
/* setxattr() follows a symbolic link in the final path component, so the
 * label is written to the link's target. strlen(label) also requires a
 * non-NULL label on this branch. */
50 return setxattr(path, "security.SMACK64", label, strlen(label), 0);
/* lremovexattr() acts on the link itself, so set and remove do not address
 * the same object when path is a symlink. NOTE(review): if the link is the
 * intended object, lsetxattr() above would match this call. */
52 return lremovexattr(path, "security.SMACK64");
/*
 * Sets the security.SMACK64 extended attribute on the object behind fd and
 * returns fsetxattr()'s result (0 on success, -1 with errno set).
 *
 * NOTE(review): strlen(label) dereferences label, and no NULL check is
 * visible; the gutter jumps 58 -> 63, so a guard may sit on an omitted
 * line -- confirm, otherwise callers must never pass NULL.
 */
58 int mac_smack_set_fd(int fd, const char *label) {
63 return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
/*
 * Sets the security.SMACK64IPOUT extended attribute on fd and returns
 * fsetxattr()'s result (0 on success, -1 with errno set). Presumably fd is
 * a socket and this is its label for outgoing traffic -- confirm.
 *
 * NOTE(review): strlen(label) dereferences label, and no NULL check is
 * visible; the gutter jumps 69 -> 74, so a guard may sit on an omitted line.
 */
69 int mac_smack_set_ip_out_fd(int fd, const char *label) {
74 return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
/*
 * Sets the security.SMACK64IPIN extended attribute on fd and returns
 * fsetxattr()'s result (0 on success, -1 with errno set). Presumably fd is
 * a socket and this is its label for incoming traffic -- confirm.
 *
 * NOTE(review): strlen(label) dereferences label, and no NULL check is
 * visible; the gutter jumps 80 -> 85, so a guard may sit on an omitted line.
 */
80 int mac_smack_set_ip_in_fd(int fd, const char *label) {
85 return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
/*
 * Applies a fixed Smack label to a node under /dev, chosen from the file
 * type reported by lstat(): SMACK_STAR_LABEL for directories and character
 * devices, SMACK_FLOOR_LABEL for symbolic links.
 *
 * NOTE(review): this listing omits lines (the gutter numbers skip), among
 * them the declarations, the comment delimiters, the final else branch and
 * the error checks after lstat() and setxattr().
 */
91 int mac_smack_relabel_in_dev(const char *path) {
99 * Path must be in /dev and must exist
/* NOTE(review): path_startswith() is declared elsewhere; presumably it is a
 * lexical prefix test that does not resolve symlinks or ".." -- confirm. */
101 if (!path_startswith(path, "/dev"))
/* lstat() does not follow a final symlink, so sb describes the link itself. */
104 r = lstat(path, &sb);
109 * Label directories and character devices "*".
110 * Label symlinks "_".
111 * Don't change anything else.
113 if (S_ISDIR(sb.st_mode))
114 label = SMACK_STAR_LABEL;
115 else if (S_ISLNK(sb.st_mode))
116 label = SMACK_FLOOR_LABEL;
117 else if (S_ISCHR(sb.st_mode))
118 label = SMACK_STAR_LABEL;
/* setxattr() follows a final symlink, unlike the lstat() above. In the
 * S_ISLNK case the label chosen for the link is therefore written to the
 * link's target; lsetxattr() would label the link itself. The path is also
 * looked up a second time here, so the node may have been replaced since
 * lstat() classified it. */
122 r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
/* %m prints the message for the current errno. NOTE(review): if an omitted
 * line reads errno after this call, save it first, since logging may
 * change it. */
124 log_error("Smack relabeling \"%s\" %m", path);