label: unify code to make directories, symlinks

author Lennart Poettering <lennart@poettering.net>

Thu, 23 Oct 2014 17:58:45 +0000 (19:58 +0200)

committer Lennart Poettering <lennart@poettering.net>

Thu, 23 Oct 2014 19:36:56 +0000 (21:36 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 23 Oct 2014 17:58:45 +0000 (19:58 +0200)
committer Lennart Poettering <lennart@poettering.net>
Thu, 23 Oct 2014 19:36:56 +0000 (21:36 +0200)
diff --git a/src/machine/machined.c b/src/machine/machined.c

index 71c8189d5f349da5e55d5d1213f095c0c6ef1105..966475b2429680bbf65c0a7e7acbcc8b48af5bb3 100644 (file)
--- a/src/machine/machined.c
+++ b/src/machine/machined.c
@@ -35,6 +35,7 @@
  #include "bus-util.h"
  #include "bus-error.h"
  #include "machined.h"
+#include "label.h"
  
  Manager *manager_new(void) {
          Manager *m;
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c

index ae1c3d9d4e3f763ce8754683f7636cd6f038649f..e8b0810d231ddf879339197b7fa8e42830abb873 100644 (file)
--- a/src/shared/dev-setup.c
+++ b/src/shared/dev-setup.c
@@ -32,24 +32,6 @@
  #include "util.h"
  #include "label.h"
  
-static int symlink_and_label(const char *old_path, const char *new_path) {
-        int r;
-
-        assert(old_path);
-        assert(new_path);
-
-        r = mac_selinux_create_file_prepare(new_path, S_IFLNK);
-        if (r < 0)
-                return r;
-
-        if (symlink(old_path, new_path) < 0)
-                r = -errno;
-
-        mac_selinux_create_file_clear();
-
-        return r;
-}
-
  int dev_setup(const char *prefix) {
          const char *j, *k;
  
@@ -75,9 +57,9 @@ int dev_setup(const char *prefix) {
                          if (!link_name)
                                  return -ENOMEM;
  
-                        symlink_and_label(j, link_name);
+                        symlink_label(j, link_name);
                  } else
-                        symlink_and_label(j, k);
+                        symlink_label(j, k);
          }
  
          return 0;
diff --git a/src/shared/label.c b/src/shared/label.c

index 38992be153d585bcddf5c78ffd7c04b49af3b19b..0af41afa77eff1a1a892d58d5683e5852f9661b0 100644 (file)
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -35,3 +35,44 @@ int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
  
          return 0;
  }
+
+int mkdir_label(const char *path, mode_t mode) {
+        int r;
+
+        assert(path);
+
+        r = mac_selinux_create_file_prepare(path, S_IFDIR);
+        if (r < 0)
+                return r;
+
+        if (mkdir(path, mode) < 0)
+                r = -errno;
+
+        mac_selinux_create_file_clear();
+
+        if (r < 0)
+                return r;
+
+        return mac_smack_fix(path, false, false);
+}
+
+int symlink_label(const char *old_path, const char *new_path) {
+        int r;
+
+        assert(old_path);
+        assert(new_path);
+
+        r = mac_selinux_create_file_prepare(new_path, S_IFLNK);
+        if (r < 0)
+                return r;
+
+        if (symlink(old_path, new_path) < 0)
+                r = -errno;
+
+        mac_selinux_create_file_clear();
+
+        if (r < 0)
+                return r;
+
+        return mac_smack_fix(new_path, false, false);
+}
diff --git a/src/shared/label.h b/src/shared/label.h

index 1859f843dc29077848b2d8caf3bf8533af4f7097..3428a8bb7a4a50ec7b99524528c9d3f6c92d53d8 100644 (file)
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -25,3 +25,6 @@
  #include "smack-util.h"
  
  int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
+
+int mkdir_label(const char *path, mode_t mode);
+int symlink_label(const char *old_path, const char *new_path);
diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c

index 8b353867068d6a2b8f9d23fcecad413a8a961ac5..ee11ac06ff6b88c4289ccc415dee64b32c27865d 100644 (file)
--- a/src/shared/mkdir-label.c
+++ b/src/shared/mkdir-label.c
@@ -32,39 +32,14 @@
  #include "path-util.h"
  #include "mkdir.h"
  
-static int label_mkdir(const char *path, mode_t mode) {
-        int r;
-
-        if (mac_selinux_use())
-                return mac_selinux_mkdir(path, mode);
-
-        if (mac_smack_use()) {
-                r = mkdir(path, mode);
-                if (r < 0)
-                        return -errno;
-
-                return mac_smack_fix(path, false, false);
-        }
-
-        r = mkdir(path, mode);
-        if (r < 0)
-                return -errno;
-
-        return 0;
-}
-
-int mkdir_label(const char *path, mode_t mode) {
-        return label_mkdir(path, mode);
-}
-
  int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
-        return mkdir_safe_internal(path, mode, uid, gid, label_mkdir);
+        return mkdir_safe_internal(path, mode, uid, gid, mkdir_label);
  }
  
  int mkdir_parents_label(const char *path, mode_t mode) {
-        return mkdir_parents_internal(NULL, path, mode, label_mkdir);
+        return mkdir_parents_internal(NULL, path, mode, mkdir_label);
  }
  
  int mkdir_p_label(const char *path, mode_t mode) {
-        return mkdir_p_internal(NULL, path, mode, label_mkdir);
+        return mkdir_p_internal(NULL, path, mode, mkdir_label);
  }
diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h

index 1586214a1eb2b26caecf54c01f3f1cffce43674a..d2794ead90ac518938465046a2f9830eaa56343f 100644 (file)
--- a/src/shared/mkdir.h
+++ b/src/shared/mkdir.h
@@ -30,7 +30,6 @@ int mkdir_parents(const char *path, mode_t mode);
  int mkdir_p(const char *path, mode_t mode);
  
  /* mandatory access control(MAC) versions */
-int mkdir_label(const char *path, mode_t mode);
  int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
  int mkdir_parents_label(const char *path, mode_t mode);
  int mkdir_p_label(const char *path, mode_t mode);
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c

index 0d8c6c2f1c2dd8eadbb2f748568c0c86c5c4d853..4332c916fa11c248bd7f3bdb85355d4afd9a9f2a 100644 (file)
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -319,7 +319,18 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
          if (!label_hnd)
                  return 0;
  
-        r = selabel_lookup_raw(label_hnd, &filecon, path, mode);
+        if (path_is_absolute(path))
+                r = selabel_lookup_raw(label_hnd, &filecon, path, mode);
+        else {
+                _cleanup_free_ char *newpath;
+
+                newpath = path_make_absolute_cwd(path);
+                if (!newpath)
+                        return -ENOMEM;
+
+                r = selabel_lookup_raw(label_hnd, &filecon, newpath, S_IFDIR);
+        }
+
          if (r < 0 && errno != ENOENT)
                  r = -errno;
          else if (r == 0) {
@@ -380,56 +391,6 @@ void mac_selinux_create_socket_clear(void) {
  #endif
  }
  
-int mac_selinux_mkdir(const char *path, mode_t mode) {
-
-        /* Creates a directory and labels it according to the SELinux policy */
-
-#ifdef HAVE_SELINUX
-        _cleanup_security_context_free_ security_context_t fcon = NULL;
-        int r;
-
-        assert(path);
-
-        if (!label_hnd)
-                goto skipped;
-
-        if (path_is_absolute(path))
-                r = selabel_lookup_raw(label_hnd, &fcon, path, S_IFDIR);
-        else {
-                _cleanup_free_ char *newpath;
-
-                newpath = path_make_absolute_cwd(path);
-                if (!newpath)
-                        return -ENOMEM;
-
-                r = selabel_lookup_raw(label_hnd, &fcon, newpath, S_IFDIR);
-        }
-
-        if (r == 0)
-                r = setfscreatecon(fcon);
-
-        if (r < 0 && errno != ENOENT) {
-                log_enforcing("Failed to set SELinux security context %s for %s: %m", fcon, path);
-
-                if (security_getenforce() == 1) {
-                        r = -errno;
-                        goto finish;
-                }
-        }
-
-        r = mkdir(path, mode);
-        if (r < 0)
-                r = -errno;
-
-finish:
-        setfscreatecon(NULL);
-        return r;
-
-skipped:
-#endif
-        return mkdir(path, mode) < 0 ? -errno : 0;
-}
-
  int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) {
  
          /* Binds a socket and label its file system object according to the SELinux policy */
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h

index bce9fd5d4618e70dcc0236ba412f09a1da55d9f8..7ff8c607b4380766c078e0a08a234336c8f037bc 100644 (file)
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -45,5 +45,4 @@ void mac_selinux_create_file_clear(void);
  int mac_selinux_create_socket_prepare(const char *label);
  void mac_selinux_create_socket_clear(void);
  
-int mac_selinux_mkdir(const char *path, mode_t mode);
  int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen);
author	Lennart Poettering <lennart@poettering.net>
	Thu, 23 Oct 2014 17:58:45 +0000 (19:58 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 23 Oct 2014 19:36:56 +0000 (21:36 +0200)
src/machine/machined.c		patch \| blob \| history
src/shared/dev-setup.c		patch \| blob \| history
src/shared/label.c		patch \| blob \| history
src/shared/label.h		patch \| blob \| history
src/shared/mkdir-label.c		patch \| blob \| history
src/shared/mkdir.h		patch \| blob \| history
src/shared/selinux-util.c		patch \| blob \| history
src/shared/selinux-util.h		patch \| blob \| history