smack: minimize ifdef use, and move all labeling to smack-util.c
authorKay Sievers <kay@vrfy.org>
Fri, 11 Oct 2013 07:47:31 +0000 (09:47 +0200)
committerKay Sievers <kay@vrfy.org>
Fri, 11 Oct 2013 08:16:41 +0000 (10:16 +0200)
src/core/socket.c
src/shared/smack-util.c
src/shared/smack-util.h
src/udev/udev-node.c

index 9a20b5c326c2ca7c25ba79607e610047de5aa51c..ae92408560a793f21276a8728aa4bad14a1d17ad 100644 (file)
@@ -775,17 +775,13 @@ static void socket_apply_socket_options(Socket *s, int fd) {
                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
         }
 
-#ifdef HAVE_SMACK
-        if (s->smack_ip_in && use_smack())
-                if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64IPIN\"): %m");
-
-        if (s->smack_ip_out && use_smack())
-                if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64IPOUT\"): %m");
-#endif
+        if (s->smack_ip_in)
+                if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
+
+        if (s->smack_ip_out)
+                if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
 }
 
 static void socket_apply_fifo_options(Socket *s, int fd) {
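Review bot: A failure to apply the SMACK64IPIN or SMACK64IPOUT label is only logged, and the new messages (`"smack_label_ip_in_fd: %m"`) name the helper rather than the attribute or the label that was rejected, which makes a fail-open condition harder to spot in the logs. socket_apply_socket_options returns void, so the socket presumably goes on to be used with whatever label it already had. That behaviour predates this change, but since the call sites are being rewritten it is worth stating in a comment and logging the label, e.g. `log_error_unit(UNIT(s)->id, "Failed to set SMACK64IPIN label '%s': %m", s->smack_ip_in);`. The same applies to the `smack_label_fd` call in the socket_apply_fifo_options hunk that follows. The function body starts outside this hunk.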
@@ -797,12 +793,9 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
                         log_warning_unit(UNIT(s)->id,
                                          "F_SETPIPE_SZ: %m");
 
-#ifdef HAVE_SMACK
-        if (s->smack && use_smack())
-                if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64\"): %m");
-#endif
+        if (s->smack)
+                if (smack_label_fd(fd, s->smack) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
 }
 
 static int fifo_address_create(
index 4e8cf796d38ffcc0d6ecc456bc69e31b259d41f9..df194e0844b8204289ec1d94f56769e7c5586bd2 100644 (file)
 ***/
 
 #include <unistd.h>
+#include <string.h>
+#ifdef HAVE_XATTR
+#include <attr/xattr.h>
+#endif
 
 #include "smack-util.h"
 
 bool use_smack(void) {
-
 #ifdef HAVE_SMACK
         static int use_smack_cached = -1;
 
@@ -39,3 +42,50 @@ bool use_smack(void) {
 #endif
 
 }
+
+int smack_label_path(const char *path, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        if (label)
+                return setxattr(path, "security.SMACK64", label, strlen(label), 0);
+        else
+                return lremovexattr(path, "security.SMACK64");
+#else
+        return 0;
+#endif
+}
+
+int smack_label_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
+
+int smack_label_ip_out_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
+
+int smack_label_ip_in_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
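Review bot: `smack_label_path()` sets the label with `setxattr()`, which follows symlinks, while its removal branch uses `lremovexattr()` and the udev call site this helper replaces used `lsetxattr()`. If the path is ever a symlink, the label lands on the link target rather than on the path itself, which is a behaviour change for a security label; keeping the no-follow variant, `return lsetxattr(path, "security.SMACK64", label, strlen(label), 0);`, makes both branches consistent. Separately, the three fd helpers pass `label` straight to `strlen()`; both visible callers check for NULL first, but a one-line comment such as `/* label must not be NULL */` would document the precondition. The xattr header is included under `HAVE_XATTR` while the calls are compiled under `HAVE_SMACK`; presumably the build system ties the two together, but that is worth confirming.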
index 7b950ea0cb65619f64d1250acb1b059a839f4568..42895ff8053c44d601e8fa9c2f2caef47e3deb3e 100644 (file)
@@ -26,3 +26,7 @@
 #include <stdbool.h>
 
 bool use_smack(void);
+int smack_label_path(const char *path, const char *label);
+int smack_label_fd(int fd, const char *label);
+int smack_label_ip_in_fd(int fd, const char *label);
+int smack_label_ip_out_fd(int fd, const char *label);
index c5d629d1ce1793127e845e0c96fb3202a3a4fb15..0429c35ff7fc1a2b1a0a9e7f8d053e5356995d90 100644 (file)
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#ifdef HAVE_XATTR
-#include <attr/xattr.h>
-#endif
 
-#include "smack-util.h"
 #include "udev.h"
+#include "smack-util.h"
 
 static int node_symlink(struct udev_device *dev, const char *node, const char *slink)
 {
@@ -285,9 +282,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
 
         if (apply) {
                 bool selinux = false;
-#ifdef HAVE_SMACK
                 bool smack = false;
-#endif
 
                 if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
                         log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
@@ -311,14 +306,12 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
                                 else
                                         log_debug("SECLABEL: set SELinux label '%s'", label);
 
-#ifdef HAVE_SMACK
-                        } else if (streq(name, "smack") && use_smack()) {
+                        } else if (streq(name, "smack")) {
                                 smack = true;
-                                if (lsetxattr(devnode, "security.SMACK64", label, strlen(label), 0) < 0)
+                                if (smack_label_path(devnode, label) < 0)
                                         log_error("SECLABEL: failed to set SMACK label '%s'", label);
                                 else
                                         log_debug("SECLABEL: set SMACK label '%s'", label);
-#endif
 
                         } else
                                 log_error("SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
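Review bot: With the `use_smack()` test gone from the `else if`, a `smack` SECLABEL on a system where SMACK is not compiled in or not active now takes this branch. There `smack_label_path()` returns 0 without doing anything, so the code logs `SECLABEL: set SMACK label` even though no label was written. Before the change, a build with SMACK support but SMACK inactive fell through to the `unknown subsystem, ignoring` error. To keep the log accurate, either retain the runtime test, `} else if (streq(name, "smack") && use_smack()) {`, or have the helper distinguish "skipped" from "applied". node_permissions_apply starts and ends outside this hunk.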
@@ -327,10 +320,8 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
                 /* set the defaults */
                 if (!selinux)
                         label_fix(devnode, true, false);
-#ifdef HAVE_SMACK
-                if (!smack && use_smack())
-                        lremovexattr(devnode, "security.SMACK64");
-#endif
+                if (!smack)
+                        smack_label_path(devnode, NULL);
         }
 
         /* always update timestamp when we re-use the node, like on media change events */