X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fsmack-setup.c;h=611bfdb2df155b20e51bf84ff95a478246c50ec9;hp=804678d6a6b08d1035ace38ac7238113e288c881;hb=92c1622e14dd99890928b1a1596e4a670b31a7ff;hpb=a4783bd17ad96f55b0fe83a50959da13555292bf diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 804678d6a..611bfdb2d 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -36,10 +36,14 @@ #include "macro.h" #include "smack-setup.h" #include "util.h" +#include "fileio.h" #include "log.h" #include "label.h" #define SMACK_CONFIG "/etc/smack/accesses.d/" +#define CIPSO_CONFIG "/etc/smack/cipso.d/" + +#ifdef HAVE_SMACK static int write_rules(const char* dstpath, const char* srcdir) { _cleanup_fclose_ FILE *dst = NULL; @@ -110,8 +114,12 @@ static int write_rules(const char* dstpath, const char* srcdir) { return r; } +#endif int smack_setup(void) { + +#ifdef HAVE_SMACK + int r; r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG); @@ -124,10 +132,38 @@ int smack_setup(void) { return 0; case 0: log_info("Successfully loaded Smack policies."); + break; + default: + log_warning("Failed to load Smack access rules: %s, ignoring.", + strerror(abs(r))); + return 0; + } + +#ifdef SMACK_RUN_LABEL + r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL); + if (r) + log_warning("Failed to set SMACK label \"%s\" on self: %s", + SMACK_RUN_LABEL, strerror(-r)); +#endif + + r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG); + switch(r) { + case -ENOENT: + log_debug("Smack/CIPSO is not enabled in the kernel."); + return 0; + case ENOENT: + log_debug("Smack/CIPSO access rules directory " CIPSO_CONFIG " not found"); + return 0; + case 0: + log_info("Successfully loaded Smack/CIPSO policies."); return 0; default: - log_warning("Failed to load smack access rules: %s, ignoring.", + log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.", strerror(abs(r))); return 0; } + +#endif + + return 0; }