X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Fsocket-label.c;h=dfb8a1a43137a9554bfcf5f58519bc959e871bed;hb=901cf821ac8c13c78e1acb884f59baf41316fb8f;hp=ff212de825441d8fa45f069e9ce9e9aa518cb51f;hpb=d2e54fae5ca7a0f71b5ac8b356a589ff0a09ea0a;p=elogind.git
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index ff212de82..dfb8a1a43 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -19,28 +19,22 @@
along with systemd; If not, see .
***/
-#include
#include
#include
#include
-#include
-#include
-#include
-#include
-#include
#include
#include
-#include
#include "macro.h"
#include "util.h"
#include "mkdir.h"
-#include "socket-util.h"
#include "missing.h"
-#include "label.h"
+#include "selinux-util.h"
+#include "socket-util.h"
int socket_address_listen(
const SocketAddress *a,
+ int flags,
int backlog,
SocketAddressBindIPv6Only only,
const char *bind_to_device,
@@ -48,27 +42,31 @@ int socket_address_listen(
bool transparent,
mode_t directory_mode,
mode_t socket_mode,
- const char *label,
- int *ret) {
+ const char *label) {
+
+ _cleanup_close_ int fd = -1;
+ int r, one;
- int r, fd, one;
assert(a);
- assert(ret);
- if ((r = socket_address_verify(a)) < 0)
+ r = socket_address_verify(a);
+ if (r < 0)
return r;
if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
return -EAFNOSUPPORT;
- r = label_socket_set(label);
- if (r < 0)
- return r;
+ if (label) {
+ r = mac_selinux_create_socket_prepare(label);
+ if (r < 0)
+ return r;
+ }
- fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
+ fd = socket(socket_address_family(a), a->type | flags, a->protocol);
r = fd < 0 ? -errno : 0;
- label_socket_clear();
+ if (label)
+ mac_selinux_create_socket_clear();
if (r < 0)
return r;
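Review bot: With `a->type | flags` in the socket() call, close-on-exec and non-blocking mode are no longer guaranteed by this function; a caller that passes 0 gets a listening descriptor that is inherited across exec. The contract should be stated at the definition, for example `/* flags is OR-ed into the socket type; callers are expected to pass SOCK_CLOEXEC, plus SOCK_NONBLOCK where needed */`. If no caller needs other bits, `assert((flags & ~(SOCK_CLOEXEC|SOCK_NONBLOCK)) == 0);` next to `assert(a);` would catch accidental values. The parameter list starts in the previous hunk and the body continues past this one.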
@@ -77,30 +75,30 @@ int socket_address_listen(
int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
- goto fail;
+ return -errno;
}
if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
if (bind_to_device)
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
- goto fail;
+ return -errno;
if (free_bind) {
one = 1;
if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
- log_warning("IP_FREEBIND failed: %m");
+ log_warning_errno(errno, "IP_FREEBIND failed: %m");
}
if (transparent) {
one = 1;
if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
- log_warning("IP_TRANSPARENT failed: %m");
+ log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
}
}
one = 1;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
- goto fail;
+ return -errno;
if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
mode_t old_mask;
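Review bot: A failed `IP_FREEBIND` or `IP_TRANSPARENT` setsockopt() is only logged, so the function still returns a listening socket without the option the caller asked for, whereas `IPV6_V6ONLY`, `SO_BINDTODEVICE` and `SO_REUSEADDR` failures abort the call. If that is intended, a comment on both branches would make it explicit, for example `/* best effort: listen anyway if the option cannot be set */`. The new `return -errno;` lines close the socket only because `fd` is declared `_cleanup_close_` in the previous hunk, which is worth a short comment as well. The enclosing function starts and ends outside this hunk.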
@@ -108,13 +106,13 @@ int socket_address_listen(
/* Create parents */
mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);
- /* Enforce the right access mode for the socket*/
+ /* Enforce the right access mode for the socket */
old_mask = umask(~ socket_mode);
/* Include the original umask in our mask */
umask(~socket_mode | old_mask);
- r = label_bind(fd, &a->sockaddr.sa, a->size);
+ r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
if (r < 0 && errno == EADDRINUSE) {
/* Unlink and try again */
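Review bot: The retry condition after the new `mac_selinux_bind()` call still reads `errno`, which is reliable only if the helper leaves errno untouched between the failing bind() and its return. Its definition is not visible here; if it resets a file-creation label or does other cleanup after bind(), errno may be overwritten and the EADDRINUSE branch taken or skipped wrongly. If the helper returns a negative errno value, `if (r == -EADDRINUSE) {` is the safer test; otherwise a comment stating that the helper preserves errno belongs on this line. The block continues outside the hunk.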
@@ -127,17 +125,43 @@ int socket_address_listen(
r = bind(fd, &a->sockaddr.sa, a->size);
if (r < 0)
- goto fail;
+ return -errno;
if (socket_address_can_accept(a))
if (listen(fd, backlog) < 0)
- goto fail;
+ return -errno;
- *ret = fd;
- return 0;
+ r = fd;
+ fd = -1;
-fail:
- r = -errno;
- close_nointr_nofail(fd);
return r;
}
+
+int make_socket_fd(int log_level, const char* address, int flags) {
+ SocketAddress a;
+ int fd, r;
+
+ r = socket_address_parse(&a, address);
+ if (r < 0) {
+ log_error("Failed to parse socket address \"%s\": %s",
+ address, strerror(-r));
+ return r;
+ }
+
+ fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+ NULL, false, false, 0755, 0644, NULL);
+ if (fd < 0 || log_get_max_level() >= log_level) {
+ _cleanup_free_ char *p = NULL;
+
+ r = socket_address_print(&a, &p);
+ if (r < 0)
+ return log_error_errno(r, "socket_address_print(): %m");
+
+ if (fd < 0)
+ log_error_errno(fd, "Failed to listen on %s: %m", p);
+ else
+ log_full(log_level, "Listening on %s", p);
+ }
+
+ return fd;
+}
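Review bot: In `make_socket_fd()` the listening descriptor leaks when `socket_address_print()` fails after a successful `socket_address_listen()`, because `return log_error_errno(r, ...)` leaves the plain `int fd` open. Declaring it as `_cleanup_close_ int fd = -1;` and handing it over at the end with `r = fd; fd = -1; return r;`, as socket_address_listen() does earlier in this hunk, closes it on that path. The parse-failure message also formats the error with `strerror(-r)` where the rest of the function uses `log_error_errno()`, so `return log_error_errno(r, "Failed to parse socket address \"%s\": %m", address);` would be consistent.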