chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
core: add log_unit_*_errno() macros
[elogind.git]
/
src
/
core
/
smack-setup.c
diff --git
a/src/core/smack-setup.c
b/src/core/smack-setup.c
index 1434dea7c183d954463644e4347cb566a0b8def7..d0fd1809f9a54aa879c3ccfb7c5ed9ae85b34e2e 100644
(file)
--- a/
src/core/smack-setup.c
+++ b/
src/core/smack-setup.c
@@
-36,6
+36,7
@@
#include "macro.h"
#include "smack-setup.h"
#include "util.h"
#include "macro.h"
#include "smack-setup.h"
#include "util.h"
+#include "fileio.h"
#include "log.h"
#include "label.h"
#include "log.h"
#include "label.h"
@@
-86,7
+87,7
@@
static int write_rules(const char* dstpath, const char* srcdir) {
if (!policy) {
if (r == 0)
r = -errno;
if (!policy) {
if (r == 0)
r = -errno;
-
close_nointr_nofail
(fd);
+
safe_close
(fd);
log_error("Failed to open %s: %m", entry->d_name);
continue;
}
log_error("Failed to open %s: %m", entry->d_name);
continue;
}
@@
-115,12
+116,14
@@
static int write_rules(const char* dstpath, const char* srcdir) {
#endif
#endif
-int
smack_setup(void
) {
+int
mac_smack_setup(bool *loaded_policy
) {
#ifdef HAVE_SMACK
int r;
#ifdef HAVE_SMACK
int r;
+ assert(loaded_policy);
+
r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
switch(r) {
case -ENOENT:
r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
switch(r) {
case -ENOENT:
@@
-138,6
+141,13
@@
int smack_setup(void) {
return 0;
}
return 0;
}
+#ifdef SMACK_RUN_LABEL
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+ if (r)
+ log_warning("Failed to set SMACK label \"%s\" on self: %s",
+ SMACK_RUN_LABEL, strerror(-r));
+#endif
+
r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
switch(r) {
case -ENOENT:
r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
switch(r) {
case -ENOENT:
@@
-148,13
+158,15
@@
int smack_setup(void) {
return 0;
case 0:
log_info("Successfully loaded Smack/CIPSO policies.");
return 0;
case 0:
log_info("Successfully loaded Smack/CIPSO policies.");
-
return 0
;
+
break
;
default:
log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.",
strerror(abs(r)));
return 0;
}
default:
log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.",
strerror(abs(r)));
return 0;
}
+ *loaded_policy = true;
+
#endif
return 0;
#endif
return 0;