#include "journald-console.h"
#include "journald-syslog.h"
#include "journald-wall.h"
+#include "memfd-util.h"
bool valid_user_field(const char *p, size_t l, bool allow_protected) {
const char *a;
return true;
}
-static bool allow_object_pid(struct ucred *ucred) {
+static bool allow_object_pid(const struct ucred *ucred) {
return ucred && ucred->uid == 0;
}
void server_process_native_message(
Server *s,
const void *buffer, size_t buffer_size,
- struct ucred *ucred,
- struct timeval *tv,
+ const struct ucred *ucred,
+ const struct timeval *tv,
const char *label, size_t label_len) {
struct iovec *iovec = NULL;
void server_process_native_file(
Server *s,
int fd,
- struct ucred *ucred,
- struct timeval *tv,
+ const struct ucred *ucred,
+ const struct timeval *tv,
const char *label, size_t label_len) {
struct stat st;
/* If it's a memfd, check if it is sealed. If so, we can just
* use map it and use it, and do not need to copy the data
* out. */
- r = fcntl(fd, F_GET_SEALS);
- sealed = r >= 0 &&
- (r & (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL)) == (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL);
+ sealed = memfd_get_sealed(fd) > 0;
if (!sealed && (!ucred || ucred->uid != 0)) {
_cleanup_free_ char *sl = NULL, *k = NULL;
}
int server_open_native_socket(Server*s) {
- int one, r;
+ static const int one = 1;
+ int r;
assert(s);
} else
fd_nonblock(s->native_fd, 1);
- one = 1;
r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
if (r < 0) {
log_error("SO_PASSCRED failed: %m");
#ifdef HAVE_SELINUX
if (mac_selinux_use()) {
- one = 1;
r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
if (r < 0)
log_warning("SO_PASSSEC failed: %m");
}
#endif
- one = 1;
r = setsockopt(s->native_fd, SOL_SOCKET, SO_TIMESTAMP, &one, sizeof(one));
if (r < 0) {
log_error("SO_TIMESTAMP failed: %m");