From: Karol Lewandowski
Date: Thu, 16 May 2013 08:40:03 +0000 (+0200)
Subject: Make it possible to disable smack separately from xattr support
X-Git-Tag: v205~218
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=2b3e18de74ca89b374dd4f7a2c30e5731d347841
Make it possible to disable smack separately from xattr support
Additionally, compile out rule loading if feature is disabled.
---
diff --git a/configure.ac b/configure.ac
index 65186a45a..14a90c56d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -444,6 +444,31 @@ fi
 AC_SUBST(XATTR_LIBS)
 AM_CONDITIONAL([HAVE_XATTR], [test "x$have_xattr" != xno])
+# ------------------------------------------------------------------------------
+AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[Disable optional SMACK support]),
+ [case "${enableval}" in
+ yes) have_smack=yes ;;
+ no) have_smack=no ;;
+ *) AC_MSG_ERROR(bad value ${enableval} for --disable-smack) ;;
+ esac],
+ [have_smack=auto])
+
+if test "x${have_xattr}" = xno; then
+ if test "x${have_smack}" = xyes; then
+ AC_MSG_ERROR(SMACK requires xattr support)
+ else
+ have_smack=no
+ fi
+else
+ if test "x${have_smack}" = xauto; then
+ have_smack=yes
+ fi
+fi
+
+if test "x${have_smack}" = xyes ; then
+ AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
+fi
+
 # ------------------------------------------------------------------------------
 AC_ARG_ENABLE([gcrypt], AS_HELP_STRING([--disable-gcrypt],[Disable optional GCRYPT support]),
@@ -915,6 +940,7 @@ AC_MSG_RESULT([
 AUDIT: ${have_audit}
 IMA: ${have_ima}
 SELinux: ${have_selinux}
+ SMACK: ${have_smack}
 XZ: ${have_xz}
 ACL: ${have_acl}
 XATTR: ${have_xattr}
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 73eeb0419..d67a84a58 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
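Review bot: In the new xattr/SMACK block of configure.ac, a build with `have_xattr=no` and the default `have_smack=auto` drops SMACK support without saying why; only the `SMACK: ${have_smack}` summary line shows the outcome. Because this switches off a mandatory-access-control feature, the reason deserves a line in the configure output, for example `if test "x${have_smack}" = xauto; then AC_MSG_WARN([SMACK support disabled: xattr support is not available]); fi` placed before `have_smack=no`. The `AC_MSG_ERROR(...)` arguments in the same block are also unquoted; `AC_MSG_ERROR([SMACK requires xattr support])` is the m4-safe form.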
@@ -42,6 +42,8 @@
 #define SMACK_CONFIG "/etc/smack/accesses.d/"
 #define CIPSO_CONFIG "/etc/smack/cipso/"
+#ifdef HAVE_SMACK
+
 static int write_rules(const char* dstpath, const char* srcdir) {
 _cleanup_fclose_ FILE *dst = NULL;
 _cleanup_closedir_ DIR *dir = NULL;
@@ -111,8 +113,12 @@ static int write_rules(const char* dstpath, const char* srcdir) {
 return r;
 }
+#endif
 int smack_setup(void) {
+
+#ifdef HAVE_SMACK
+
 int r;
 r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
@@ -148,4 +154,8 @@ int smack_setup(void) {
 strerror(abs(r)));
 return 0;
 }
+
+#endif
+
+ return 0;
 }
diff --git a/src/core/socket.c b/src/core/socket.c
index 1b08f0a5f..37ca228e6 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -788,7 +788,7 @@ static void socket_apply_socket_options(Socket *s, int fd) {
 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
-#ifdef HAVE_XATTR
+#ifdef HAVE_SMACK
 if (s->smack_ip_in)
 if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
 log_error_unit(UNIT(s)->id,
@@ -810,7 +810,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
 log_warning_unit(UNIT(s)->id, "F_SETPIPE_SZ: %m");
-#ifdef HAVE_XATTR
+#ifdef HAVE_SMACK
 if (s->smack)
 if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
 log_error_unit(UNIT(s)->id,
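Review bot: When HAVE_SMACK is undefined, smack_setup() reaches the added `return 0;` without logging anything, so a build configured without SMACK looks the same at boot as one that had nothing to load. On a kernel with SMACK enabled, the rule files under SMACK_CONFIG and CIPSO_CONFIG would then never be written to smackfs, which deserves one log line: add `#else` and `log_debug("SMACK support not compiled in, skipping rule loading.");` before the `#endif`, using whichever log macro the function already uses. The guarded regions are long, so `#endif /* HAVE_SMACK */` on both closers would make them easier to match. Most of smack_setup() lies outside these hunks, so the return paths between them are not visible here.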
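Review bot: With the guard in socket_apply_socket_options() changed to `#ifdef HAVE_SMACK`, a unit that sets `s->smack_ip_in` is silently left unlabelled on any build configured with --disable-smack; the same holds for `s->smack` in the socket_apply_fifo_options() hunk. A requested label that is not applied should produce a warning, for example an `#else` branch with `if (s->smack_ip_in) log_warning_unit(UNIT(s)->id, "SMACK label requested but SMACK support is not compiled in, ignoring.");`. Both functions begin and end outside the hunks, so it is not visible here whether the fsetxattr() failure path does anything beyond `log_error_unit`; if it only logs, the socket is used without the requested label in that case too, which should be stated in a comment.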