+ return r;
+}
+
+#endif
+
+int smack_setup(void) {
+
+#ifdef HAVE_SMACK
+
+ int r;
+
+ r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
+ switch(r) {
+ case -ENOENT:
+ log_debug("Smack is not enabled in the kernel.");
+ return 0;
+ case ENOENT:
+ log_debug("Smack access rules directory " SMACK_CONFIG " not found");
+ return 0;
+ case 0:
+ log_info("Successfully loaded Smack policies.");
+ break;
+ default:
+ log_warning("Failed to load Smack access rules: %s, ignoring.",
+ strerror(abs(r)));
+ return 0;
+ }
+
+#ifdef SMACK_RUN_LABEL
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+ if (r)
+ log_warning("Failed to set SMACK label \"%s\" on self: %s",
+ SMACK_RUN_LABEL, strerror(-r));
+#endif
+
+ r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
+ switch(r) {
+ case -ENOENT:
+ log_debug("Smack/CIPSO is not enabled in the kernel.");
+ return 0;
+ case ENOENT:
+ log_debug("Smack/CIPSO access rules directory " CIPSO_CONFIG " not found");
+ return 0;
+ case 0:
+ log_info("Successfully loaded Smack/CIPSO policies.");
+ return 0;
+ default:
+ log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.",
+ strerror(abs(r)));
+ return 0;
+ }
+
+#endif