service: honour that for services RestartSec=0 means immediate restarts but TimeoutSe...
[elogind.git] / src / core / smack-setup.c
index 804678d..611bfdb 100644 (file)
 #include "macro.h"
 #include "smack-setup.h"
 #include "util.h"
+#include "fileio.h"
 #include "log.h"
 #include "label.h"
 
 #define SMACK_CONFIG "/etc/smack/accesses.d/"
+#define CIPSO_CONFIG "/etc/smack/cipso.d/"
+
+#ifdef HAVE_SMACK
 
 static int write_rules(const char* dstpath, const char* srcdir) {
         _cleanup_fclose_ FILE *dst = NULL;
@@ -110,8 +114,12 @@ static int write_rules(const char* dstpath, const char* srcdir) {
        return r;
 }
 
+#endif
 
 int smack_setup(void) {
+
+#ifdef HAVE_SMACK
+
         int r;
 
         r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
@@ -124,10 +132,38 @@ int smack_setup(void) {
                 return 0;
         case 0:
                 log_info("Successfully loaded Smack policies.");
+                break;
+        default:
+                log_warning("Failed to load Smack access rules: %s, ignoring.",
+                            strerror(abs(r)));
+                return 0;
+        }
+
+#ifdef SMACK_RUN_LABEL
+        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+        if (r)
+                log_warning("Failed to set SMACK label \"%s\" on self: %s",
+                            SMACK_RUN_LABEL, strerror(-r));
+#endif
+
+        r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
+        switch(r) {
+        case -ENOENT:
+                log_debug("Smack/CIPSO is not enabled in the kernel.");
+                return 0;
+        case ENOENT:
+                log_debug("Smack/CIPSO access rules directory " CIPSO_CONFIG " not found");
+                return 0;
+        case 0:
+                log_info("Successfully loaded Smack/CIPSO policies.");
                 return 0;
         default:
-                log_warning("Failed to load smack access rules: %s, ignoring.",
+                log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.",
                             strerror(abs(r)));
                 return 0;
         }
+
+#endif
+
+        return 0;
 }
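Review bot: The `default:` branch added to the first switch returns 0 ahead of the `SMACK_RUN_LABEL` write and the CIPSO load, so any error while loading access rules also leaves the process on its inherited Smack label and skips `/sys/fs/smackfs/cipso2`. The `return 0;` kept just above `case 0:` has the same effect for whichever case it closes (its label lies outside the hunk). If labelling and CIPSO are meant to be independent of the access-rule load, end that branch with `break;`; if the skip is deliberate, record it with a comment such as `/* rules not loaded: leave our label and CIPSO untouched */`. The label write itself fails open with only a `log_warning`, which deserves a comment stating that running under the inherited label is acceptable, and because the message negates `r` the check reads more safely as `if (r < 0)`. With HAVE_SMACK defined every case of the second switch returns, so the trailing `return 0;` after `#endif` is dead code in that build; smack_setup begins above this hunk.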