Prep v225: Applying various fixes and changes to src/shared that got lost during...

[elogind.git] / src / shared / socket-label.c

diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index 9ab07a9b318795b8d36ce9d6243093eb338bc861..144e6fd86edd056ca0f3634add1803bb492b1ccc 100644 (file)
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -6,69 +6,68 @@
   Copyright 2010 Lennart Poettering
 
   systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
   (at your option) any later version.
 
   systemd is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  General Public License for more details.
+  Lesser General Public License for more details.
 
-  You should have received a copy of the GNU General Public License
+  You should have received a copy of the GNU Lesser General Public License
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include <assert.h>
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
-#include <stdlib.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <net/if.h>
-#include <sys/types.h>
 #include <sys/stat.h>
 #include <stddef.h>
-#include <sys/ioctl.h>
 
 #include "macro.h"
 #include "util.h"
 #include "mkdir.h"
-#include "socket-util.h"
 #include "missing.h"
-#include "label.h"
+#include "selinux-util.h"
+#include "socket-util.h"
 
 int socket_address_listen(
                 const SocketAddress *a,
+                int flags,
                 int backlog,
                 SocketAddressBindIPv6Only only,
                 const char *bind_to_device,
+                bool reuse_port,
                 bool free_bind,
                 bool transparent,
                 mode_t directory_mode,
                 mode_t socket_mode,
-                const char *label,
-                int *ret) {
+                const char *label) {
+
+        _cleanup_close_ int fd = -1;
+        int r, one;
 
-        int r, fd, one;
         assert(a);
-        assert(ret);
 
-        if ((r = socket_address_verify(a)) < 0)
+        r = socket_address_verify(a);
+        if (r < 0)
                 return r;
 
         if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
                 return -EAFNOSUPPORT;
 
-        r = label_socket_set(label);
-        if (r < 0)
-                return r;
+        if (label) {
+                r = mac_selinux_create_socket_prepare(label);
+                if (r < 0)
+                        return r;
+        }
 
-        fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
+        fd = socket(socket_address_family(a), a->type | flags, a->protocol);
         r = fd < 0 ? -errno : 0;
 
-        label_socket_clear();
+        if (label)
+                mac_selinux_create_socket_clear();
 
         if (r < 0)
                 return r;
@@ -77,44 +76,47 @@ int socket_address_listen(
                 int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
 
                 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
-                        goto fail;
+                        return -errno;
         }
 
         if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
                 if (bind_to_device)
                         if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
-                                goto fail;
+                                return -errno;
+
+                if (reuse_port) {
+                        one = 1;
+                        if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) < 0)
+                                log_warning_errno(errno, "SO_REUSEPORT failed: %m");
+                }
 
                 if (free_bind) {
                         one = 1;
                         if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
-                                log_warning("IP_FREEBIND failed: %m");
+                                log_warning_errno(errno, "IP_FREEBIND failed: %m");
                 }
 
                 if (transparent) {
                         one = 1;
                         if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
-                                log_warning("IP_TRANSPARENT failed: %m");
+                                log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
                 }
         }
 
         one = 1;
         if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
-                goto fail;
+                return -errno;
 
         if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
                 mode_t old_mask;
 
                 /* Create parents */
-                mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
+                mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);
 
-                /* Enforce the right access mode for the socket*/
+                /* Enforce the right access mode for the socket */
                 old_mask = umask(~ socket_mode);
 
-                /* Include the original umask in our mask */
-                umask(~socket_mode | old_mask);
-
-                r = label_bind(fd, &a->sockaddr.sa, a->size);
+                r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
 
                 if (r < 0 && errno == EADDRINUSE) {
                         /* Unlink and try again */
@@ -127,17 +129,43 @@ int socket_address_listen(
                 r = bind(fd, &a->sockaddr.sa, a->size);
 
         if (r < 0)
-                goto fail;
+                return -errno;
 
         if (socket_address_can_accept(a))
                 if (listen(fd, backlog) < 0)
-                        goto fail;
+                        return -errno;
 
-        *ret = fd;
-        return 0;
+        r = fd;
+        fd = -1;
 
-fail:
-        r = -errno;
-        close_nointr_nofail(fd);
         return r;
 }
+
+int make_socket_fd(int log_level, const char* address, int flags) {
+        SocketAddress a;
+        int fd, r;
+
+        r = socket_address_parse(&a, address);
+        if (r < 0) {
+                log_error("Failed to parse socket address \"%s\": %s",
+                          address, strerror(-r));
+                return r;
+        }
+
+        fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+                                   NULL, false, false, false, 0755, 0644, NULL);
+        if (fd < 0 || log_get_max_level() >= log_level) {
+                _cleanup_free_ char *p = NULL;
+
+                r = socket_address_print(&a, &p);
+                if (r < 0)
+                        return log_error_errno(r, "socket_address_print(): %m");
+
+                if (fd < 0)
+                        log_error_errno(fd, "Failed to listen on %s: %m", p);
+                else
+                        log_full(log_level, "Listening on %s", p);
+        }
+
+        return fd;
+}