[systemd-commits] src/core src/shared src/udev

Kay Sievers kay at kemper.freedesktop.org
Fri Oct 11 01:18:07 PDT 2013


 src/core/socket.c       |   27 +++++++++---------------
 src/shared/smack-util.c |   52 +++++++++++++++++++++++++++++++++++++++++++++++-
 src/shared/smack-util.h |    4 +++
 src/udev/udev-node.c    |   19 ++++-------------
 4 files changed, 70 insertions(+), 32 deletions(-)

New commits:
commit 9a4e038c1519d836d217fac5df3722e6a02ea78d
Author: Kay Sievers <kay at vrfy.org>
Date:   Fri Oct 11 09:47:31 2013 +0200

    smack: minimize ifdef use, and move all labeling to smack-util.c

diff --git a/src/core/socket.c b/src/core/socket.c
index 9a20b5c..ae92408 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -775,17 +775,13 @@ static void socket_apply_socket_options(Socket *s, int fd) {
                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
         }
 
-#ifdef HAVE_SMACK
-        if (s->smack_ip_in && use_smack())
-                if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64IPIN\"): %m");
-
-        if (s->smack_ip_out && use_smack())
-                if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64IPOUT\"): %m");
-#endif
+        if (s->smack_ip_in)
+                if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
+
+        if (s->smack_ip_out)
+                if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
 }
 
 static void socket_apply_fifo_options(Socket *s, int fd) {
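Review bot: A failed label call in the two added blocks is only logged, so a socket configured with `smack_ip_in` or `smack_ip_out` goes on to be used without its label; the FIFO label in the next hunk behaves the same way. socket_apply_socket_options returns void and begins outside this hunk, so the caller has no way to refuse to listen on an unlabelled descriptor. The new messages also drop the attribute name the old ones carried; naming the label keeps a failure attributable, e.g. `log_error_unit(UNIT(s)->id, "Failed to apply SMACK label '%s' to incoming packets: %m", s->smack_ip_in);`. A one-line comment stating that labelling is best-effort here would make the fail-open choice explicit.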
@@ -797,12 +793,9 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
                         log_warning_unit(UNIT(s)->id,
                                          "F_SETPIPE_SZ: %m");
 
-#ifdef HAVE_SMACK
-        if (s->smack && use_smack())
-                if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
-                        log_error_unit(UNIT(s)->id,
-                                       "fsetxattr(\"security.SMACK64\"): %m");
-#endif
+        if (s->smack)
+                if (smack_label_fd(fd, s->smack) < 0)
+                        log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
 }
 
 static int fifo_address_create(
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 4e8cf79..df194e0 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -22,11 +22,14 @@
 ***/
 
 #include <unistd.h>
+#include <string.h>
+#ifdef HAVE_XATTR
+#include <attr/xattr.h>
+#endif
 
 #include "smack-util.h"
 
 bool use_smack(void) {
-
 #ifdef HAVE_SMACK
         static int use_smack_cached = -1;
 
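Review bot: The added `<attr/xattr.h>` include is guarded by `HAVE_XATTR`, while the functions added further down this file call `setxattr`, `fsetxattr` and `lremovexattr` under `HAVE_SMACK`. If a build can define HAVE_SMACK without HAVE_XATTR (the configure logic is not visible here), those calls are compiled without a prototype. Guarding the include with the macro that guards its users, `#ifdef HAVE_SMACK`, removes the dependency on how the build system couples the two options. The body of use_smack() continues outside this hunk.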
@@ -39,3 +42,50 @@ bool use_smack(void) {
 #endif
 
 }
+
+int smack_label_path(const char *path, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        if (label)
+                return setxattr(path, "security.SMACK64", label, strlen(label), 0);
+        else
+                return lremovexattr(path, "security.SMACK64");
+#else
+        return 0;
+#endif
+}
+
+int smack_label_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
+
+int smack_label_ip_out_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
+
+int smack_label_ip_in_fd(int fd, const char *label) {
+#ifdef HAVE_SMACK
+        if (!use_smack())
+                return 0;
+
+        return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);
+#else
+        return 0;
+#endif
+}
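Review bot: `smack_label_path()` sets the label with `setxattr()`, which follows a symlink at `path`, while its removal branch uses `lremovexattr()` and the udev call it replaces in this commit used `lsetxattr()`. For a device-node path that means the label could land on a symlink target instead of the node itself; `return lsetxattr(path, "security.SMACK64", label, strlen(label), 0);` keeps the old semantics and makes set and remove symmetric. Separately, the three `*_fd` helpers pass `label` straight to `strlen()`, so unlike smack_label_path they do not accept NULL; the visible socket.c callers check first, but an `assert(label);` or a comment stating the contract would protect later callers. It would also help to document that a return of 0 covers both "label written" and "SMACK not in use".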
diff --git a/src/shared/smack-util.h b/src/shared/smack-util.h
index 7b950ea..42895ff 100644
--- a/src/shared/smack-util.h
+++ b/src/shared/smack-util.h
@@ -26,3 +26,7 @@
 #include <stdbool.h>
 
 bool use_smack(void);
+int smack_label_path(const char *path, const char *label);
+int smack_label_fd(int fd, const char *label);
+int smack_label_ip_in_fd(int fd, const char *label);
+int smack_label_ip_out_fd(int fd, const char *label);
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index c5d629d..0429c35 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -28,12 +28,9 @@
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#ifdef HAVE_XATTR
-#include <attr/xattr.h>
-#endif
 
-#include "smack-util.h"
 #include "udev.h"
+#include "smack-util.h"
 
 static int node_symlink(struct udev_device *dev, const char *node, const char *slink)
 {
@@ -285,9 +282,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
 
         if (apply) {
                 bool selinux = false;
-#ifdef HAVE_SMACK
                 bool smack = false;
-#endif
 
                 if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
                         log_debug("set permissions %s, %#o, uid=%u, gid=%u\n", devnode, mode, uid, gid);
@@ -311,14 +306,12 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
                                 else
                                         log_debug("SECLABEL: set SELinux label '%s'", label);
 
-#ifdef HAVE_SMACK
-                        } else if (streq(name, "smack") && use_smack()) {
+                        } else if (streq(name, "smack")) {
                                 smack = true;
-                                if (lsetxattr(devnode, "security.SMACK64", label, strlen(label), 0) < 0)
+                                if (smack_label_path(devnode, label) < 0)
                                         log_error("SECLABEL: failed to set SMACK label '%s'", label);
                                 else
                                         log_debug("SECLABEL: set SMACK label '%s'", label);
-#endif
 
                         } else
                                 log_error("SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
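Review bot: `smack_label_path()` returns 0 both when the label was written and when SMACK is compiled out or `use_smack()` is false, so the `else` branch now logs `set SMACK label` for a label that was never applied. Before this change a `smack` SECLABEL on such a system fell through to the `unknown subsystem` error, so the rule author was told the label had no effect. Either let the helper return a distinct positive value when it really wrote the attribute and log success only then, or check `use_smack()` before the success message. The failure message also gives no error reason, which makes a permission problem hard to tell from an invalid label. node_permissions_apply starts and ends outside this hunk.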
@@ -327,10 +320,8 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
                 /* set the defaults */
                 if (!selinux)
                         label_fix(devnode, true, false);
-#ifdef HAVE_SMACK
-                if (!smack && use_smack())
-                        lremovexattr(devnode, "security.SMACK64");
-#endif
+                if (!smack)
+                        smack_label_path(devnode, NULL);
         }
 
         /* always update timestamp when we re-use the node, like on media change events */
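Review bot: The result of `smack_label_path(devnode, NULL)` is discarded, so a removal that fails for a reason other than the attribute being absent leaves the previous SMACK label on a re-used device node with no log entry. Ignoring the "no such attribute" case is reasonable, but other errors deserve a message, e.g. `if (smack_label_path(devnode, NULL) < 0 && errno != ENODATA) log_error("SECLABEL: failed to remove SMACK label from '%s'", devnode);` (assuming `<errno.h>` is already included in this file, which the hunk does not show). The enclosing function continues outside this hunk.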


