X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fsmack-setup.c;h=d0fd1809f9a54aa879c3ccfb7c5ed9ae85b34e2e;hp=73eeb041908d99915453d3452d20e2f9ed513b17;hb=8a188de9e0ea41509beda12084126d7a75ebe86e;hpb=abbacb1defaaecb8d2477685f7bb3fabcf58585b diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 73eeb0419..d0fd1809f 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -36,11 +36,14 @@ #include "macro.h" #include "smack-setup.h" #include "util.h" +#include "fileio.h" #include "log.h" #include "label.h" #define SMACK_CONFIG "/etc/smack/accesses.d/" -#define CIPSO_CONFIG "/etc/smack/cipso/" +#define CIPSO_CONFIG "/etc/smack/cipso.d/" + +#ifdef HAVE_SMACK static int write_rules(const char* dstpath, const char* srcdir) { _cleanup_fclose_ FILE *dst = NULL; @@ -84,7 +87,7 @@ static int write_rules(const char* dstpath, const char* srcdir) { if (!policy) { if (r == 0) r = -errno; - close_nointr_nofail(fd); + safe_close(fd); log_error("Failed to open %s: %m", entry->d_name); continue; } @@ -111,10 +114,16 @@ static int write_rules(const char* dstpath, const char* srcdir) { return r; } +#endif + +int mac_smack_setup(bool *loaded_policy) { + +#ifdef HAVE_SMACK -int smack_setup(void) { int r; + assert(loaded_policy); + r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG); switch(r) { case -ENOENT: @@ -132,6 +141,13 @@ int smack_setup(void) { return 0; } +#ifdef SMACK_RUN_LABEL + r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL); + if (r) + log_warning("Failed to set SMACK label \"%s\" on self: %s", + SMACK_RUN_LABEL, strerror(-r)); +#endif + r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG); switch(r) { case -ENOENT: @@ -142,10 +158,16 @@ int smack_setup(void) { return 0; case 0: log_info("Successfully loaded Smack/CIPSO policies."); - return 0; + break; default: log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.", strerror(abs(r))); return 0; } + + *loaded_policy = true; + +#endif + + return 0; }