[systemd-commits] 2 commits - src/resolve

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Mon Oct 13 19:39:59 PDT 2014


 src/resolve/resolved-manager.c |   64 +++++++++++++++++++++++------------------
 src/resolve/resolved.c         |   10 +++++-
 2 files changed, 44 insertions(+), 30 deletions(-)

New commits:
commit a5a807e63a50314e190e9166d8a453cd8dd258e3
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Oct 13 22:27:43 2014 -0400

    resolved: apply label to /run/systemd/resolve/resolv.conf
    
    Under an SELinux system, we want the file that is created to
    have a proper context, different from the default for files in /run.
    This is so that the policy can give access to almost everyone to
    this file.

diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index ec181fa..74f4ad5 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -34,6 +34,7 @@
 #include "socket-util.h"
 #include "af-list.h"
 #include "utf8.h"
+#include "fileio-label.h"
 
 #include "resolved-dns-domain.h"
 #include "resolved-conf.h"
@@ -821,7 +822,7 @@ int manager_write_resolv_conf(Manager *m) {
                 }
         }
 
-        r = fopen_temporary(path, &f, &temp_path);
+        r = fopen_temporary_label(path, path, &f, &temp_path);
         if (r < 0)
                 return r;
 
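Review bot: The call `fopen_temporary_label(path, path, &f, &temp_path)` passes the same string twice with no hint of why, so a later reader may treat one of the arguments as redundant. A short comment above it would help, e.g. `/* 1st arg: final path used to look up the SELinux label; 2nd arg: path the temporary file is created next to */`. That reading of the helper is from memory, since its definition in fileio-label.h is not part of this diff, so confirm it there. Creating the file with the label already set, rather than relabelling after the rename, presumably avoids a window in which the file carries the default /run context. manager_write_resolv_conf() starts and ends outside the hunk.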
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
index 88c3bcc..ef416e5 100644
--- a/src/resolve/resolved.c
+++ b/src/resolve/resolved.c
@@ -38,14 +38,20 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
-        umask(0022);
-
         if (argc != 1) {
                 log_error("This program takes no arguments.");
                 r = -EINVAL;
                 goto finish;
         }
 
+        umask(0022);
+
+        r = label_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }
+
         r = get_user_creds(&user, &uid, &gid, NULL, NULL);
         if (r < 0) {
                 log_error("Cannot resolve user name %s: %s", user, strerror(-r));
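Review bot: Nothing at the `label_init(NULL)` call says why it has to sit here, ahead of `get_user_creds()`. If the process changes to the resolved user later in main() (not visible in this hunk), the label database probably has to be loaded before that point, and a comment would keep a later reorder from silently breaking labelling: `/* load the SELinux label database before we change user; manager_write_resolv_conf() depends on it */`. The comment or commit message should also state whether a failure here is meant to be fatal in every SELinux mode, because the daemon now exits on any negative return. main() continues outside the hunk.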

commit 4713135eae4f7b6b670a98476fe413edfa1d9f41
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Oct 13 21:28:32 2014 -0400

    resolved: split out writing of resolv.conf
    
    manager_write_resolv_conf() is quite long anyway.

diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 63d7845..ec181fa 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -720,12 +720,44 @@ static void write_resolv_conf_search(const char *domain, FILE *f,
         (*count) ++;
 }
 
+static int write_resolv_conf_contents(FILE *f, Set *dns, Set *domains) {
+        Iterator i;
+
+        fputs("# This file is managed by systemd-resolved(8). Do not edit.\n#\n"
+              "# Third party programs must not access this file directly, but\n"
+              "# only through the symlink at /etc/resolv.conf. To manage\n"
+              "# resolv.conf(5) in a different way, replace the symlink by a\n"
+              "# static file or a different symlink.\n\n", f);
+
+        if (set_isempty(dns))
+                fputs("# No DNS servers known.\n", f);
+        else {
+                DnsServer *s;
+                unsigned count = 0;
+
+                SET_FOREACH(s, dns, i)
+                        write_resolv_conf_server(s, f, &count);
+        }
+
+        if (!set_isempty(domains)) {
+                unsigned length = 0, count = 0;
+                char *domain;
+
+                fputs("search", f);
+                SET_FOREACH(domain, domains, i)
+                        write_resolv_conf_search(domain, f, &count, &length);
+                fputs("\n", f);
+        }
+
+        return fflush_and_check(f);
+}
+
+
 int manager_write_resolv_conf(Manager *m) {
         static const char path[] = "/run/systemd/resolve/resolv.conf";
         _cleanup_free_ char *temp_path = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_set_free_ Set *dns = NULL, *domains = NULL;
-        unsigned count = 0;
         DnsServer *s;
         Iterator i;
         Link *l;
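Review bot: The new `write_resolv_conf_contents()` has no comment stating its contract, and its `fputs()` results are unchecked, so a reader has to infer that write errors are reported only through the final `fflush_and_check(f)`. I would add above the function: `/* Write header, nameserver and search lines to f. Returns the result of fflush_and_check(f); the caller keeps ownership of f. */`. The two consecutive blank lines after the closing brace can be reduced to one. The hunk also touches the declarations of manager_write_resolv_conf(), whose body continues outside it.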
@@ -795,32 +827,7 @@ int manager_write_resolv_conf(Manager *m) {
 
         fchmod(fileno(f), 0644);
 
-        fputs("# This file is managed by systemd-resolved(8). Do not edit.\n#\n"
-              "# Third party programs must not access this file directly, but\n"
-              "# only through the symlink at /etc/resolv.conf. To manage\n"
-              "# resolv.conf(5) in a different way, replace the symlink by a\n"
-              "# static file or a different symlink.\n\n", f);
-
-        if (set_isempty(dns))
-                fputs("# No DNS servers known.\n", f);
-        else {
-                SET_FOREACH(s, dns, i)
-                        write_resolv_conf_server(s, f, &count);
-        }
-
-        if (!set_isempty(domains)) {
-                unsigned length = 0;
-                char *domain;
-
-                count = 0;
-
-                fputs("search", f);
-                SET_FOREACH(domain, domains, i)
-                        write_resolv_conf_search(domain, f, &count, &length);
-                fputs("\n", f);
-        }
-
-        r = fflush_and_check(f);
+        r = write_resolv_conf_contents(f, dns, domains);
         if (r < 0)
                 goto fail;
 


