X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fsmack-setup.c;h=5f6dabf82a228fbcacb6194a7b132ba43404ae49;hb=671174136525ddf208cdbe75d6d6bd159afa961f;hp=1434dea7c183d954463644e4347cb566a0b8def7;hpb=a1c9563cced72abe337e423b2a5ad19e0ed81325;p=elogind.git

diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 1434dea7c..5f6dabf82 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -36,6 +36,7 @@
 #include "macro.h"
 #include "smack-setup.h"
 #include "util.h"
+#include "fileio.h"
 #include "log.h"
 #include "label.h"
 
@@ -86,7 +87,7 @@ static int write_rules(const char* dstpath, const char* srcdir) {
                 if (!policy) {
                         if (r == 0)
                                 r = -errno;
-                        close_nointr_nofail(fd);
+                        safe_close(fd);
                         log_error("Failed to open %s: %m", entry->d_name);
                         continue;
                 }
@@ -115,12 +116,14 @@ static int write_rules(const char* dstpath, const char* srcdir) {
 
 #endif
 
-int smack_setup(void) {
+int smack_setup(bool *loaded_policy) {
 
 #ifdef HAVE_SMACK
 
         int r;
 
+        assert(loaded_policy);
+
         r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
         switch(r) {
         case -ENOENT:
@@ -138,6 +141,13 @@ int smack_setup(void) {
                 return 0;
         }
 
+#ifdef SMACK_RUN_LABEL
+        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+        if (r)
+                log_warning("Failed to set SMACK label \"%s\" on self: %s",
+                            SMACK_RUN_LABEL, strerror(-r));
+#endif
+
         r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
         switch(r) {
         case -ENOENT:
@@ -155,6 +165,8 @@ int smack_setup(void) {
                 return 0;
         }
 
+        *loaded_policy = true;
+
 #endif
 
         return 0;