X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=src%2Fshared%2Fsocket-label.c;h=144e6fd86edd056ca0f3634add1803bb492b1ccc;hb=ba812e282b3406f478e8ede2b6eb885f61fae6fc;hp=eb09779b334aafe29f866a6a92236e44a803ac62;hpb=c8b32e11ee24a333f8f7c7c15226741d22e55fdd;p=elogind.git
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index eb09779b3..144e6fd86 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -19,25 +19,18 @@
along with systemd; If not, see .
***/
-#include
#include
#include
#include
-#include
-#include
-#include
-#include
-#include
#include
#include
-#include
#include "macro.h"
#include "util.h"
#include "mkdir.h"
-#include "socket-util.h"
#include "missing.h"
-#include "label.h"
+#include "selinux-util.h"
+#include "socket-util.h"
int socket_address_listen(
const SocketAddress *a,
@@ -45,6 +38,7 @@ int socket_address_listen(
int backlog,
SocketAddressBindIPv6Only only,
const char *bind_to_device,
+ bool reuse_port,
bool free_bind,
bool transparent,
mode_t directory_mode,
@@ -64,7 +58,7 @@ int socket_address_listen(
return -EAFNOSUPPORT;
if (label) {
- r = label_socket_set(label);
+ r = mac_selinux_create_socket_prepare(label);
if (r < 0)
return r;
}
@@ -73,7 +67,7 @@ int socket_address_listen(
r = fd < 0 ? -errno : 0;
if (label)
- label_socket_clear();
+ mac_selinux_create_socket_clear();
if (r < 0)
return r;
@@ -90,16 +84,22 @@ int socket_address_listen(
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
return -errno;
+ if (reuse_port) {
+ one = 1;
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) < 0)
+ log_warning_errno(errno, "SO_REUSEPORT failed: %m");
+ }
+
if (free_bind) {
one = 1;
if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
- log_warning("IP_FREEBIND failed: %m");
+ log_warning_errno(errno, "IP_FREEBIND failed: %m");
}
if (transparent) {
one = 1;
if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
- log_warning("IP_TRANSPARENT failed: %m");
+ log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
}
}
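Review bot: In the added `reuse_port` branch a failed `setsockopt(SO_REUSEPORT)` is only logged, so a caller that asked for port sharing gets a listening socket without it and finds out only from a warning or a later bind failure. Consider returning `-errno` as the `SO_BINDTODEVICE` call just above does, or say in a comment that the option is best-effort like `IP_FREEBIND` and `IP_TRANSPARENT`. The new parameter also needs a line of documentation, because on Linux `SO_REUSEPORT` lets other sockets with the same effective UID bind the same address and port and receive a share of the incoming connections: `/* reuse_port: permit same-UID sockets to co-bind this address (SO_REUSEPORT); enable only where sharing is intended */`. The block these lines sit in opens outside this hunk.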
@@ -116,10 +116,7 @@ int socket_address_listen(
/* Enforce the right access mode for the socket */
old_mask = umask(~ socket_mode);
- /* Include the original umask in our mask */
- umask(~socket_mode | old_mask);
-
- r = label_bind(fd, &a->sockaddr.sa, a->size);
+ r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
if (r < 0 && errno == EADDRINUSE) {
/* Unlink and try again */
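Review bot: With the second `umask()` call removed, the socket node is created with exactly `socket_mode`, and a more restrictive umask inherited by the process no longer narrows it; the remaining comment does not say so. I would extend it to something like `/* Apply socket_mode verbatim; the inherited umask is deliberately not OR-ed in */`, so callers know the mode they pass is the only permission control on the path. Separately, the retry test reads `errno` after `mac_selinux_bind()`. If that helper returns a negative errno value, as the other `mac_selinux_*` calls in this function appear to, `if (r == -EADDRINUSE)` would be more robust than relying on `errno` surviving the call. The function body begins and ends outside this hunk.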
@@ -150,23 +147,22 @@ int make_socket_fd(int log_level, const char* address, int flags) {
r = socket_address_parse(&a, address);
if (r < 0) {
- log_error("Failed to parse socket: %s", strerror(-r));
+ log_error("Failed to parse socket address \"%s\": %s",
+ address, strerror(-r));
return r;
}
fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
- NULL, false, false, 0755, 0644, NULL);
+ NULL, false, false, false, 0755, 0644, NULL);
if (fd < 0 || log_get_max_level() >= log_level) {
_cleanup_free_ char *p = NULL;
r = socket_address_print(&a, &p);
- if (r < 0) {
- log_error("socket_address_print(): %s", strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "socket_address_print(): %m");
if (fd < 0)
- log_error("Failed to listen on %s: %s", p, strerror(-r));
+ log_error_errno(fd, "Failed to listen on %s: %m", p);
else
log_full(log_level, "Listening on %s", p);
}
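Review bot: The new `if (r < 0) return log_error_errno(r, "socket_address_print(): %m");` can return while `fd` holds a successfully opened listening socket, because this branch is also entered when `fd >= 0` and the log level is high enough. Unless `fd` is declared with a cleanup attribute outside the hunk, the descriptor leaks. Closing it first avoids that: `if (r < 0) { safe_close(fd); return log_error_errno(r, "socket_address_print(): %m"); }`. For consistency, the parse-failure path a few lines up still formats with `strerror(-r)` and could become `return log_error_errno(r, "Failed to parse socket address \"%s\": %m", address);`. The start of make_socket_fd is outside the hunk.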