X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Fsocket-label.c;h=b1ef19f26503d78d3355ffddcd98baf8ac2957b6;hp=9ab07a9b318795b8d36ce9d6243093eb338bc861;hb=58a489c2b3628f3003d3901537bec8b5e6c1b7bd;hpb=cc527a4734d636f1ab5a66576cb7e232af3cc261 diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index 9ab07a9b3..b1ef19f26 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -6,16 +6,16 @@ Copyright 2010 Lennart Poettering systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see . ***/ @@ -41,6 +41,7 @@ int socket_address_listen( const SocketAddress *a, + int flags, int backlog, SocketAddressBindIPv6Only only, const char *bind_to_device, 
@@ -48,27 +49,31 @@ int socket_address_listen( bool transparent, mode_t directory_mode, mode_t socket_mode, - const char *label, - int *ret) { + const char *label) { + + _cleanup_close_ int fd = -1; + int r, one; - int r, fd, one; assert(a); - assert(ret); - if ((r = socket_address_verify(a)) < 0) + r = socket_address_verify(a); + if (r < 0) return r; if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported()) return -EAFNOSUPPORT; - r = label_socket_set(label); - if (r < 0) - return r; + if (label) { + r = mac_selinux_create_socket_prepare(label); + if (r < 0) + return r; + } - fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol); + fd = socket(socket_address_family(a), a->type | flags, a->protocol); r = fd < 0 ? -errno : 0; - label_socket_clear(); + if (label) + mac_selinux_create_socket_clear(); if (r < 0) return r; 
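Review bot: The `socket()` call now takes its creation flags entirely from the caller (`a->type | flags`), so `socket_address_listen()` no longer guarantees `SOCK_CLOEXEC` or `SOCK_NONBLOCK` on the descriptor it returns. A caller that passes 0 gets a listening socket that every child process inherits across exec, which the old hard-coded flags made impossible. I would state the contract in a comment above the function, e.g. `/* flags is OR-ed into the socket type; callers normally pass SOCK_CLOEXEC|SOCK_NONBLOCK */`. If no caller needs other bits, `assert((flags & ~(SOCK_CLOEXEC|SOCK_NONBLOCK)) == 0);` next to `assert(a);` would catch accidental misuse. The signature starts in the previous hunk and the body continues past this one.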
@@ -77,44 +82,44 @@ int socket_address_listen( int flag = only == SOCKET_ADDRESS_IPV6_ONLY; if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0) - goto fail; + return -errno; } if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) { if (bind_to_device) if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0) - goto fail; + return -errno; if (free_bind) { one = 1; if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0) - log_warning("IP_FREEBIND failed: %m"); + log_warning_errno(errno, "IP_FREEBIND failed: %m"); } if (transparent) { one = 1; if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) - log_warning("IP_TRANSPARENT failed: %m"); + log_warning_errno(errno, "IP_TRANSPARENT failed: %m"); } } one = 1; if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) - goto fail; + return -errno; if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) { mode_t old_mask; /* Create parents */ - mkdir_parents(a->sockaddr.un.sun_path, directory_mode); + mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode); - /* Enforce the right access mode for the socket*/ + /* Enforce the right access mode for the socket */ old_mask = umask(~ socket_mode); /* Include the original umask in our mask */ umask(~socket_mode | old_mask); - r = label_bind(fd, &a->sockaddr.sa, a->size); + r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size); if (r < 0 && errno == EADDRINUSE) { /* Unlink and try again */ 
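Review bot: The return value of `mkdir_parents_label()` is still discarded, so if preparing the parent directories fails the caller presumably only sees a later bind error whose errno does not point at the real cause. If ignoring it is deliberate, make that visible with `(void) mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);` and a one-line comment saying the bind below reports the failure; otherwise log the error at debug level before continuing. The umask handling and the EADDRINUSE retry continue outside this hunk.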
@@ -127,17 +132,43 @@ int socket_address_listen( r = bind(fd, &a->sockaddr.sa, a->size); if (r < 0) - goto fail; + return -errno; if (socket_address_can_accept(a)) if (listen(fd, backlog) < 0) - goto fail; + return -errno; - *ret = fd; - return 0; + r = fd; + fd = -1; -fail: - r = -errno; - close_nointr_nofail(fd); return r; } + +int make_socket_fd(int log_level, const char* address, int flags) { + SocketAddress a; + int fd, r; + + r = socket_address_parse(&a, address); + if (r < 0) { + log_error("Failed to parse socket address \"%s\": %s", + address, strerror(-r)); + return r; + } + + fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT, + NULL, false, false, 0755, 0644, NULL); + if (fd < 0 || log_get_max_level() >= log_level) { + _cleanup_free_ char *p = NULL; + + r = socket_address_print(&a, &p); + if (r < 0) + return log_error_errno(r, "socket_address_print(): %m"); + + if (fd < 0) + log_error_errno(fd, "Failed to listen on %s: %m", p); + else + log_full(log_level, "Listening on %s", p); + } + + return fd; +}
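Review bot: In `make_socket_fd()`, when `socket_address_listen()` succeeds and `socket_address_print()` then fails, `return log_error_errno(r, "socket_address_print(): %m");` returns without closing `fd`, leaking a bound, listening socket. Declaring it as `_cleanup_close_ int fd = -1;` and handing ownership out the way `socket_address_listen()` now does (`r = fd; fd = -1; return r;`) would close it on every early return. That same early return also replaces the listen error with the print error when `fd < 0`, so the failure that matters is never logged. Separately, the parse-failure path formats the error with `strerror(-r)` through `log_error` while the rest of the function uses `log_error_errno`, which is worth aligning.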