[systemd-commits] 4 commits - src/core src/cryptsetup src/fstab-generator src/getty-generator src/journal src/libudev src/locale src/login src/nspawn src/random-seed src/rc-local-generator src/shared src/shutdownd src/test src/tmpfiles src/tty-ask-password-agent src/udev
Kay Sievers
kay at kemper.freedesktop.org
Thu May 31 04:42:37 PDT 2012
src/core/automount.c | 4 -
src/core/dbus.c | 2
src/core/manager.c | 2
src/core/mount-setup.c | 6 +-
src/core/mount.c | 4 -
src/core/path.c | 2
src/core/shutdown.c | 2
src/core/socket.c | 2
src/cryptsetup/cryptsetup-generator.c | 6 +-
src/fstab-generator/fstab-generator.c | 10 ++--
src/getty-generator/getty-generator.c | 2
src/journal/coredump.c | 2
src/journal/journald.c | 2
src/libudev/libudev-device-private.c | 4 -
src/locale/localed.c | 2
src/login/logind-dbus.c | 6 +-
src/login/logind-inhibit.c | 4 -
src/login/logind-seat.c | 2
src/login/logind-session.c | 4 -
src/login/logind-user.c | 6 +-
src/login/multi-seat-x.c | 2
src/nspawn/nspawn.c | 10 ++--
src/random-seed/random-seed.c | 2
src/rc-local-generator/rc-local-generator.c | 2
src/shared/ask-password-api.c | 2
src/shared/cgroup-label.c | 2
src/shared/install.c | 2
src/shared/label.c | 11 ++---
src/shared/label.h | 4 -
src/shared/mkdir.c | 43 ++++++++++++++++----
src/shared/mkdir.h | 6 ++
src/shared/path-lookup.c | 2
src/shared/socket-label.c | 2
src/shutdownd/shutdownd.c | 2
src/test/test-udev.c | 5 --
src/tmpfiles/tmpfiles.c | 2
src/tty-ask-password-agent/tty-ask-password-agent.c | 4 -
src/udev/udev-node.c | 6 +-
src/udev/udevadm.c | 4 -
src/udev/udevd.c | 5 --
40 files changed, 110 insertions(+), 82 deletions(-)
New commits:
commit 0f9963a8b8c1d60a467c0cdc04d5e7bfce9d7c75
Author: Kay Sievers <kay at vrfy.org>
Date: Thu May 31 13:34:41 2012 +0200
Revert "label: fix systemd-udev labeling of /run directory."
This reverts commit 9b5af248f04b6cad8a5bca836e89a39e9f6823d9.
Udev now explicitely labels only files/directories in /dev. The selinux
array API is not released and will not work on other distros at this moment.
diff --git a/src/shared/label.c b/src/shared/label.c
index d912574..9a5f79d 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -52,7 +52,7 @@ void label_retest_selinux(void) {
#endif
-int label_init(const char *prefixes[]) {
+int label_init(const char *prefix) {
int r = 0;
#ifdef HAVE_SELINUX
@@ -68,9 +68,9 @@ int label_init(const char *prefixes[]) {
before_mallinfo = mallinfo();
before_timestamp = now(CLOCK_MONOTONIC);
- if (prefixes) {
+ if (prefix) {
struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .values = prefixes },
+ { .type = SELABEL_OPT_SUBSET, .value = prefix },
};
label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
diff --git a/src/shared/label.h b/src/shared/label.h
index 2eaabfa..4f404b2 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -26,7 +26,7 @@
#include <stdbool.h>
#include <sys/socket.h>
-int label_init(const char *prefixes[]);
+int label_init(const char *prefix);
void label_finish(void);
int label_fix(const char *path, bool ignore_enoent);
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index bd9c059..414eabc 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -45,13 +45,12 @@ int main(int argc, char *argv[])
const char *action;
sigset_t mask, sigmask_orig;
int err = -EINVAL;
- const char *prefixes[] = { "/dev", "/run", NULL };
udev = udev_new();
if (udev == NULL)
exit(EXIT_FAILURE);
log_debug("version %s\n", VERSION);
- label_init(prefixes);
+ label_init("/dev");
sigprocmask(SIG_SETMASK, NULL, &sigmask_orig);
diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
index fafa31b..5217d7f 100644
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -91,7 +91,6 @@ int main(int argc, char *argv[])
{ "version", no_argument, NULL, 'V' },
{}
};
- const char *prefixes[] = { "/dev", "/run", NULL };
const char *command;
unsigned int i;
int rc = 1;
@@ -103,8 +102,7 @@ int main(int argc, char *argv[])
log_open();
log_parse_environment();
udev_set_log_fn(udev, udev_main_log);
-
- label_init(prefixes);
+ label_init("/dev");
for (;;) {
int option;
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 43937db..7905310 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1030,7 +1030,6 @@ int main(int argc, char *argv[])
int fd_ctrl = -1;
int fd_netlink = -1;
int fd_worker = -1;
- const char *prefixes[] = { "/dev", "/run", NULL };
struct epoll_event ep_ctrl, ep_inotify, ep_signal, ep_netlink, ep_worker;
struct udev_ctrl_connection *ctrl_conn = NULL;
int rc = 1;
@@ -1043,7 +1042,7 @@ int main(int argc, char *argv[])
log_parse_environment();
udev_set_log_fn(udev, udev_main_log);
log_debug("version %s\n", VERSION);
- label_init(prefixes);
+ label_init("/dev");
for (;;) {
int option;
commit 667e392408d6b56db981d8e76c31990501d0faf3
Author: Kay Sievers <kay at vrfy.org>
Date: Thu May 31 13:20:06 2012 +0200
udev: do not selinux label files in /run/udev
diff --git a/src/udev/udev-builtin-firmware.c b/src/udev/udev-builtin-firmware.c
index 69e1db9..56dc8fc 100644
--- a/src/udev/udev-builtin-firmware.c
+++ b/src/udev/udev-builtin-firmware.c
@@ -121,7 +121,7 @@ static int builtin_firmware(struct udev_device *dev, int argc, char *argv[], boo
/* This link indicates the missing firmware file and the associated device */
log_debug("did not find firmware file '%s'\n", firmware);
do {
- err = mkdir_parents_label(misspath, 0755);
+ err = mkdir_parents(misspath, 0755);
if (err != 0 && err != -ENOENT)
break;
err = symlink(udev_device_get_devpath(dev), misspath);
diff --git a/src/udev/udev-watch.c b/src/udev/udev-watch.c
index 04609a7..1091ec8 100644
--- a/src/udev/udev-watch.c
+++ b/src/udev/udev-watch.c
@@ -111,7 +111,7 @@ void udev_watch_begin(struct udev *udev, struct udev_device *dev)
}
snprintf(filename, sizeof(filename), "/run/udev/watch/%d", wd);
- mkdir_parents_label(filename, 0755);
+ mkdir_parents(filename, 0755);
unlink(filename);
symlink(udev_device_get_id_filename(dev), filename);
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 131d12d..43937db 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -896,7 +896,7 @@ static int convert_db(struct udev *udev)
return 0;
/* make sure we do not get here again */
- mkdir_parents_label("/run/udev/data", 0755);
+ mkdir_parents("/run/udev/data", 0755);
mkdir(filename, 0755);
/* old database */
commit c66e7f04997fb42b778703418097a5023fa17581
Author: Kay Sievers <kay at vrfy.org>
Date: Thu May 31 13:17:26 2012 +0200
mkdir: provide all functions with and without selinux label application
diff --git a/src/shared/label.c b/src/shared/label.c
index 3e5ea67..d912574 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -263,15 +263,14 @@ void label_free(const char *label) {
#endif
}
-int label_mkdir(const char *path, mode_t mode) {
+int label_mkdir(const char *path, mode_t mode, bool apply) {
/* Creates a directory and labels it according to the SELinux policy */
-
#ifdef HAVE_SELINUX
int r;
security_context_t fcon = NULL;
- if (!use_selinux() || !label_hnd)
+ if (!apply || !use_selinux() || !label_hnd)
goto skipped;
if (path_is_absolute(path))
diff --git a/src/shared/label.h b/src/shared/label.h
index 90b49ff..2eaabfa 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -41,7 +41,7 @@ void label_free(const char *label);
int label_get_create_label_from_exe(const char *exe, char **label);
-int label_mkdir(const char *path, mode_t mode);
+int label_mkdir(const char *path, mode_t mode, bool apply);
void label_retest_selinux(void);
diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c
index 0eb70f2..e8b92e8 100644
--- a/src/shared/mkdir.c
+++ b/src/shared/mkdir.c
@@ -32,13 +32,13 @@
#include "log.h"
int mkdir_label(const char *path, mode_t mode) {
- return label_mkdir(path, mode);
+ return label_mkdir(path, mode, true);
}
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
+static int makedir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool apply) {
struct stat st;
- if (label_mkdir(path, mode) >= 0)
+ if (label_mkdir(path, mode, apply) >= 0)
if (chmod_and_chown(path, mode, uid, gid) < 0)
return -errno;
@@ -56,7 +56,15 @@ int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
return 0;
}
-int mkdir_parents_label(const char *path, mode_t mode) {
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
+ return makedir_safe(path, mode, uid, gid, false);
+}
+
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
+ return makedir_safe(path, mode, uid, gid, true);
+}
+
+static int makedir_parents(const char *path, mode_t mode, bool apply) {
struct stat st;
const char *p, *e;
@@ -92,7 +100,7 @@ int mkdir_parents_label(const char *path, mode_t mode) {
if (!t)
return -ENOMEM;
- r = label_mkdir(t, mode);
+ r = label_mkdir(t, mode, apply);
free(t);
if (r < 0 && errno != EEXIST)
@@ -100,16 +108,33 @@ int mkdir_parents_label(const char *path, mode_t mode) {
}
}
-int mkdir_p_label(const char *path, mode_t mode) {
+int mkdir_parents(const char *path, mode_t mode) {
+ return makedir_parents(path, mode, false);
+}
+
+int mkdir_parents_label(const char *path, mode_t mode) {
+ return makedir_parents(path, mode, true);
+}
+
+static int makedir_p(const char *path, mode_t mode, bool apply) {
int r;
/* Like mkdir -p */
- if ((r = mkdir_parents_label(path, mode)) < 0)
+ r = makedir_parents(path, mode, apply);
+ if (r < 0)
return r;
- if (label_mkdir(path, mode) < 0 && errno != EEXIST)
+ if (label_mkdir(path, mode, apply) < 0 && errno != EEXIST)
return -errno;
return 0;
}
+
+int mkdir_p(const char *path, mode_t mode) {
+ return makedir_p(path, mode, false);
+}
+
+int mkdir_p_label(const char *path, mode_t mode) {
+ return makedir_p(path, mode, true);
+}
diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h
index 1a332bb..ce1c35e 100644
--- a/src/shared/mkdir.h
+++ b/src/shared/mkdir.h
@@ -22,8 +22,11 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
int mkdir_label(const char *path, mode_t mode);
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_parents(const char *path, mode_t mode);
int mkdir_parents_label(const char *path, mode_t mode);
+int mkdir_p(const char *path, mode_t mode);
int mkdir_p_label(const char *path, mode_t mode);
#endif
commit d2e54fae5ca7a0f71b5ac8b356a589ff0a09ea0a
Author: Kay Sievers <kay at vrfy.org>
Date: Thu May 31 12:40:20 2012 +0200
mkdir: append _label to all mkdir() calls that explicitly set the selinux context
diff --git a/src/core/automount.c b/src/core/automount.c
index e13259b..64b6cff 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -499,7 +499,7 @@ static void automount_enter_waiting(Automount *a) {
}
/* We knowingly ignore the results of this call */
- mkdir_p(a->where, 0555);
+ mkdir_p_label(a->where, 0555);
if (pipe2(p, O_NONBLOCK|O_CLOEXEC) < 0) {
r = -errno;
@@ -588,7 +588,7 @@ static void automount_enter_runnning(Automount *a) {
return;
}
- mkdir_p(a->where, a->directory_mode);
+ mkdir_p_label(a->where, a->directory_mode);
/* Before we do anything, let's see if somebody is playing games with us? */
if (lstat(a->where, &st) < 0) {
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 4347964..1bc83a2 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -1095,7 +1095,7 @@ static int bus_init_private(Manager *m) {
goto fail;
}
- mkdir_parents(p+10, 0755);
+ mkdir_parents_label(p+10, 0755);
unlink(p+10);
m->private_bus = dbus_server_listen(p, &error);
free(p);
diff --git a/src/core/manager.c b/src/core/manager.c
index 5c6d636..dedcb74 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2068,7 +2068,7 @@ static int create_generator_dir(Manager *m, char **generator, const char *name)
return -ENOMEM;
}
- r = mkdir_p(p, 0755);
+ r = mkdir_p_label(p, 0755);
if (r < 0) {
log_error("Failed to create generator directory: %s", strerror(-r));
free(p);
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 56ce2ae..c26dedc 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -130,7 +130,7 @@ static int mount_one(const MountPoint *p, bool relabel) {
/* The access mode here doesn't really matter too much, since
* the mounted file system will take precedence anyway. */
- mkdir_p(p->where, 0755);
+ mkdir_p_label(p->where, 0755);
log_debug("Mounting %s to %s of type %s with options %s.",
p->what,
@@ -404,8 +404,8 @@ int mount_setup(bool loaded_policy) {
dev_setup();
/* Create a few directories we always want around */
- label_mkdir("/run/systemd", 0755);
- label_mkdir("/run/systemd/system", 0755);
+ mkdir_label("/run/systemd", 0755);
+ mkdir_label("/run/systemd/system", 0755);
return 0;
}
diff --git a/src/core/mount.c b/src/core/mount.c
index 11ac692..b885baa 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -915,12 +915,12 @@ static void mount_enter_mounting(Mount *m) {
m->control_command_id = MOUNT_EXEC_MOUNT;
m->control_command = m->exec_command + MOUNT_EXEC_MOUNT;
- mkdir_p(m->where, m->directory_mode);
+ mkdir_p_label(m->where, m->directory_mode);
/* Create the source directory for bind-mounts if needed */
p = get_mount_parameters_fragment(m);
if (p && mount_is_bind(p))
- mkdir_p(p->what, m->directory_mode);
+ mkdir_p_label(p->what, m->directory_mode);
if (m->from_fragment)
r = exec_command_set(
diff --git a/src/core/path.c b/src/core/path.c
index d6fedc7..6cf03ad 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -215,7 +215,7 @@ static void path_spec_mkdir(PathSpec *s, mode_t mode) {
if (s->type == PATH_EXISTS || s->type == PATH_EXISTS_GLOB)
return;
- if ((r = mkdir_p(s->path, mode)) < 0)
+ if ((r = mkdir_p_label(s->path, mode)) < 0)
log_warning("mkdir(%s) failed: %s", s->path, strerror(-r));
}
diff --git a/src/core/shutdown.c b/src/core/shutdown.c
index a8dfe26..baef66d 100644
--- a/src/core/shutdown.c
+++ b/src/core/shutdown.c
@@ -238,7 +238,7 @@ static int prepare_new_root(void) {
}
NULSTR_FOREACH(dir, dirs)
- if (mkdir_p(dir, 0755) < 0 && errno != EEXIST) {
+ if (mkdir_p_label(dir, 0755) < 0 && errno != EEXIST) {
log_error("Failed to mkdir %s: %m", dir);
return -errno;
}
diff --git a/src/core/socket.c b/src/core/socket.c
index df47578..633663e 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -761,7 +761,7 @@ static int fifo_address_create(
assert(path);
assert(_fd);
- mkdir_parents(path, directory_mode);
+ mkdir_parents_label(path, directory_mode);
r = label_context_set(path, S_IFIFO);
if (r < 0)
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index de64afd..3961d5d 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -175,7 +175,7 @@ static int create_disk(
goto fail;
}
- mkdir_parents(to, 0755);
+ mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
@@ -193,7 +193,7 @@ static int create_disk(
goto fail;
}
- mkdir_parents(to, 0755);
+ mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
@@ -211,7 +211,7 @@ static int create_disk(
goto fail;
}
- mkdir_parents(to, 0755);
+ mkdir_parents_label(to, 0755);
if (symlink(from, to) < 0) {
log_error("Failed to create symlink '%s' to '%s': %m", from, to);
r = -errno;
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 8676a20..8419a0c 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -151,7 +151,7 @@ static int add_swap(const char *what, struct mntent *me) {
goto finish;
}
- mkdir_parents(lnk, 0755);
+ mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
@@ -174,7 +174,7 @@ static int add_swap(const char *what, struct mntent *me) {
goto finish;
}
- mkdir_parents(lnk, 0755);
+ mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
@@ -326,7 +326,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
- mkdir_parents(lnk, 0755);
+ mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
@@ -352,7 +352,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
- mkdir_parents(lnk, 0755);
+ mkdir_parents_label(lnk, 0755);
if (symlink(unit, lnk) < 0) {
log_error("Failed to creat symlink: %m");
r = -errno;
@@ -413,7 +413,7 @@ static int add_mount(const char *what, const char *where, struct mntent *me) {
goto finish;
}
- mkdir_parents(lnk, 0755);
+ mkdir_parents_label(lnk, 0755);
if (symlink(automount_unit, lnk) < 0) {
log_error("Failed to create symlink: %m");
r = -errno;
diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c
index 8560026..bb7c225 100644
--- a/src/getty-generator/getty-generator.c
+++ b/src/getty-generator/getty-generator.c
@@ -47,7 +47,7 @@ static int add_symlink(const char *fservice, const char *tservice) {
goto finish;
}
- mkdir_parents(to, 0755);
+ mkdir_parents_label(to, 0755);
r = symlink(from, to);
if (r < 0) {
diff --git a/src/journal/coredump.c b/src/journal/coredump.c
index 10897f3..300677b 100644
--- a/src/journal/coredump.c
+++ b/src/journal/coredump.c
@@ -54,7 +54,7 @@ static int divert_coredump(void) {
log_info("Detected coredump of the journal daemon itself, diverting coredump to /var/lib/systemd/coredump/.");
- mkdir_p("/var/lib/systemd/coredump", 0755);
+ mkdir_p_label("/var/lib/systemd/coredump", 0755);
f = fopen("/var/lib/systemd/coredump/core.systemd-journald", "we");
if (!f) {
diff --git a/src/journal/journald.c b/src/journal/journald.c
index f034a56..e0e7cce 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -1973,7 +1973,7 @@ static int system_journal_open(Server *s) {
/* OK, we really need the runtime journal, so create
* it if necessary. */
- (void) mkdir_parents(fn, 0755);
+ (void) mkdir_parents_label(fn, 0755);
r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, NULL, &s->runtime_journal);
free(fn);
diff --git a/src/libudev/libudev-device-private.c b/src/libudev/libudev-device-private.c
index 2347736..bdb0e70 100644
--- a/src/libudev/libudev-device-private.c
+++ b/src/libudev/libudev-device-private.c
@@ -35,7 +35,7 @@ static void udev_device_tag(struct udev_device *dev, const char *tag, bool add)
if (add) {
int fd;
- mkdir_parents(filename, 0755);
+ mkdir_parents_label(filename, 0755);
fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444);
if (fd >= 0)
close(fd);
@@ -119,7 +119,7 @@ int udev_device_update_db(struct udev_device *udev_device)
/* write a database file */
util_strscpyl(filename_tmp, sizeof(filename_tmp), filename, ".tmp", NULL);
- mkdir_parents(filename_tmp, 0755);
+ mkdir_parents_label(filename_tmp, 0755);
f = fopen(filename_tmp, "we");
if (f == NULL) {
udev_err(udev, "unable to create temporary db file '%s': %m\n", filename_tmp);
diff --git a/src/locale/localed.c b/src/locale/localed.c
index d582a9c..56fb339 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -591,7 +591,7 @@ static int write_data_x11(void) {
return 0;
}
- mkdir_parents("/etc/X11/xorg.conf.d", 0755);
+ mkdir_parents_label("/etc/X11/xorg.conf.d", 0755);
r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
if (r < 0)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 5cdd089..6175d57 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -874,7 +874,7 @@ static int attach_device(Manager *m, const char *seat, const char *sysfs) {
goto finish;
}
- mkdir_p("/etc/udev/rules.d", 0755);
+ mkdir_p_label("/etc/udev/rules.d", 0755);
r = write_one_line_file_atomic(file, rule);
if (r < 0)
goto finish;
@@ -1890,9 +1890,9 @@ static DBusHandlerResult manager_message_handler(
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
- mkdir_p("/var/lib/systemd", 0755);
+ mkdir_p_label("/var/lib/systemd", 0755);
- r = safe_mkdir("/var/lib/systemd/linger", 0755, 0, 0);
+ r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
if (r < 0)
return bus_send_error_reply(connection, message, &error, r);
diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c
index 2d25b79..96b7c6c 100644
--- a/src/login/logind-inhibit.c
+++ b/src/login/logind-inhibit.c
@@ -84,7 +84,7 @@ int inhibitor_save(Inhibitor *i) {
assert(i);
- r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -272,7 +272,7 @@ int inhibitor_create_fifo(Inhibitor *i) {
/* Create FIFO */
if (!i->fifo_path) {
- r = safe_mkdir("/run/systemd/inhibit", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
if (r < 0)
return r;
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 06debf8..755f20c 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -91,7 +91,7 @@ int seat_save(Seat *s) {
if (!s->started)
return 0;
- r = safe_mkdir("/run/systemd/seats", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
if (r < 0)
goto finish;
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index dd0de78..5c8d549 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -116,7 +116,7 @@ int session_save(Session *s) {
if (!s->started)
return 0;
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -816,7 +816,7 @@ int session_create_fifo(Session *s) {
/* Create FIFO */
if (!s->fifo_path) {
- r = safe_mkdir("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
if (r < 0)
return r;
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 2b80ff8..b971845 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -98,7 +98,7 @@ int user_save(User *u) {
if (!u->started)
return 0;
- r = safe_mkdir("/run/systemd/users", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
if (r < 0)
goto finish;
@@ -250,7 +250,7 @@ static int user_mkdir_runtime_path(User *u) {
assert(u);
- r = safe_mkdir("/run/user", 0755, 0, 0);
+ r = mkdir_safe_label("/run/user", 0755, 0, 0);
if (r < 0) {
log_error("Failed to create /run/user: %s", strerror(-r));
return r;
@@ -266,7 +266,7 @@ static int user_mkdir_runtime_path(User *u) {
} else
p = u->runtime_path;
- r = safe_mkdir(p, 0700, u->uid, u->gid);
+ r = mkdir_safe_label(p, 0700, u->uid, u->gid);
if (r < 0) {
log_error("Failed to create runtime directory %s: %s", p, strerror(-r));
free(p);
diff --git a/src/login/multi-seat-x.c b/src/login/multi-seat-x.c
index 32d8688..92014f5 100644
--- a/src/login/multi-seat-x.c
+++ b/src/login/multi-seat-x.c
@@ -113,7 +113,7 @@ int main(int argc, char *argv[]) {
goto fail;
}
- r = safe_mkdir("/run/systemd/multi-session-x", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/multi-session-x", 0755, 0, 0);
if (r < 0) {
log_error("Failed to create directory: %s", strerror(-r));
goto fail;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8a5eb34..fec39d6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -222,7 +222,7 @@ static int mount_all(const char *dest) {
continue;
}
- mkdir_p(where, 0755);
+ mkdir_p_label(where, 0755);
if (mount(mount_table[k].what,
where,
@@ -1035,13 +1035,13 @@ int main(int argc, char *argv[]) {
goto child_fail;
}
- if (mkdir_parents(home, 0775) < 0) {
- log_error("mkdir_parents() failed: %m");
+ if (mkdir_parents_label(home, 0775) < 0) {
+ log_error("mkdir_parents_label() failed: %m");
goto child_fail;
}
- if (safe_mkdir(home, 0775, uid, gid) < 0) {
- log_error("safe_mkdir() failed: %m");
+ if (mkdir_safe_label(home, 0775, uid, gid) < 0) {
+ log_error("mkdir_safe_label() failed: %m");
goto child_fail;
}
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
index d1cab8b..c2729fe 100644
--- a/src/random-seed/random-seed.c
+++ b/src/random-seed/random-seed.c
@@ -68,7 +68,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- if (mkdir_parents(RANDOM_SEED, 0755) < 0) {
+ if (mkdir_parents_label(RANDOM_SEED, 0755) < 0) {
log_error("Failed to create directories parents of %s: %m", RANDOM_SEED);
goto finish;
}
diff --git a/src/rc-local-generator/rc-local-generator.c b/src/rc-local-generator/rc-local-generator.c
index 38168cc..f41a6bf 100644
--- a/src/rc-local-generator/rc-local-generator.c
+++ b/src/rc-local-generator/rc-local-generator.c
@@ -53,7 +53,7 @@ static int add_symlink(const char *service, const char *where) {
goto finish;
}
- mkdir_parents(to, 0755);
+ mkdir_parents_label(to, 0755);
r = symlink(from, to);
if (r < 0) {
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 55be807..4333bfb 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -324,7 +324,7 @@ int ask_password_agent(
sigset_add_many(&mask, SIGINT, SIGTERM, -1);
assert_se(sigprocmask(SIG_BLOCK, &mask, &oldmask) == 0);
- mkdir_p("/run/systemd/ask-password", 0755);
+ mkdir_p_label("/run/systemd/ask-password", 0755);
u = umask(0022);
fd = mkostemp(temp, O_CLOEXEC|O_CREAT|O_WRONLY);
diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c
index 06e3c16..beeeec5 100644
--- a/src/shared/cgroup-label.c
+++ b/src/shared/cgroup-label.c
@@ -47,7 +47,7 @@ int cg_create(const char *controller, const char *path) {
if (r < 0)
return r;
- r = mkdir_parents(fs, 0755);
+ r = mkdir_parents_label(fs, 0755);
if (r >= 0) {
if (mkdir(fs, 0755) >= 0)
diff --git a/src/shared/install.c b/src/shared/install.c
index 7e4f666..40b137e 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -1151,7 +1151,7 @@ static int create_symlink(
assert(old_path);
assert(new_path);
- mkdir_parents(new_path, 0755);
+ mkdir_parents_label(new_path, 0755);
if (symlink(old_path, new_path) >= 0) {
add_file_change(changes, n_changes, UNIT_FILE_SYMLINK, new_path, old_path);
diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c
index b102af7..0eb70f2 100644
--- a/src/shared/mkdir.c
+++ b/src/shared/mkdir.c
@@ -31,7 +31,11 @@
#include "util.h"
#include "log.h"
-int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) {
+int mkdir_label(const char *path, mode_t mode) {
+ return label_mkdir(path, mode);
+}
+
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
struct stat st;
if (label_mkdir(path, mode) >= 0)
@@ -52,7 +56,7 @@ int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid) {
return 0;
}
-int mkdir_parents(const char *path, mode_t mode) {
+int mkdir_parents_label(const char *path, mode_t mode) {
struct stat st;
const char *p, *e;
@@ -96,12 +100,12 @@ int mkdir_parents(const char *path, mode_t mode) {
}
}
-int mkdir_p(const char *path, mode_t mode) {
+int mkdir_p_label(const char *path, mode_t mode) {
int r;
/* Like mkdir -p */
- if ((r = mkdir_parents(path, mode)) < 0)
+ if ((r = mkdir_parents_label(path, mode)) < 0)
return r;
if (label_mkdir(path, mode) < 0 && errno != EEXIST)
diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h
index b1477c5..1a332bb 100644
--- a/src/shared/mkdir.h
+++ b/src/shared/mkdir.h
@@ -22,7 +22,8 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-int safe_mkdir(const char *path, mode_t mode, uid_t uid, gid_t gid);
-int mkdir_parents(const char *path, mode_t mode);
-int mkdir_p(const char *path, mode_t mode);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_label(const char *path, mode_t mode);
+int mkdir_parents_label(const char *path, mode_t mode);
+int mkdir_p_label(const char *path, mode_t mode);
#endif
diff --git a/src/shared/path-lookup.c b/src/shared/path-lookup.c
index 32ddb38..a9c3e21 100644
--- a/src/shared/path-lookup.c
+++ b/src/shared/path-lookup.c
@@ -122,7 +122,7 @@ static char** user_dirs(
* then filter out this link, if it is actually is
* one. */
- mkdir_parents(data_home, 0777);
+ mkdir_parents_label(data_home, 0777);
(void) symlink("../../../.config/systemd/user", data_home);
}
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index 5158bee..ff212de 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -106,7 +106,7 @@ int socket_address_listen(
mode_t old_mask;
/* Create parents */
- mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
+ mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);
/* Enforce the right access mode for the socket*/
old_mask = umask(~ socket_mode);
diff --git a/src/shutdownd/shutdownd.c b/src/shutdownd/shutdownd.c
index 0497cd4..6eb8ed9 100644
--- a/src/shutdownd/shutdownd.c
+++ b/src/shutdownd/shutdownd.c
@@ -205,7 +205,7 @@ static int update_schedule_file(struct sd_shutdown_command *c) {
assert(c);
- r = safe_mkdir("/run/systemd/shutdown", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0);
if (r < 0) {
log_error("Failed to create shutdown subdirectory: %s", strerror(-r));
return r;
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 551f756..bd9c059 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -97,7 +97,7 @@ int main(int argc, char *argv[])
mode |= S_IFCHR;
if (strcmp(action, "remove") != 0) {
- mkdir_parents(udev_device_get_devnode(dev), 0755);
+ mkdir_parents_label(udev_device_get_devnode(dev), 0755);
mknod(udev_device_get_devnode(dev), mode, udev_device_get_devnum(dev));
} else {
unlink(udev_device_get_devnode(dev));
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 2ee0601..aebc4bb 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -652,7 +652,7 @@ static int create_item(Item *i) {
case CREATE_DIRECTORY:
u = umask(0);
- mkdir_parents(i->path, 0755);
+ mkdir_parents_label(i->path, 0755);
r = mkdir(i->path, i->mode);
umask(u);
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index de843b4..7f537c2 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -446,7 +446,7 @@ static int wall_tty_block(void) {
if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
return -ENOMEM;
- mkdir_parents(p, 0700);
+ mkdir_parents_label(p, 0700);
mkfifo(p, 0600);
fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
@@ -570,7 +570,7 @@ static int watch_passwords(void) {
tty_block_fd = wall_tty_block();
- mkdir_p("/run/systemd/ask-password", 0755);
+ mkdir_p_label("/run/systemd/ask-password", 0755);
if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
r = -errno;
diff --git a/src/udev/udev-builtin-firmware.c b/src/udev/udev-builtin-firmware.c
index 56dc8fc..69e1db9 100644
--- a/src/udev/udev-builtin-firmware.c
+++ b/src/udev/udev-builtin-firmware.c
@@ -121,7 +121,7 @@ static int builtin_firmware(struct udev_device *dev, int argc, char *argv[], boo
/* This link indicates the missing firmware file and the associated device */
log_debug("did not find firmware file '%s'\n", firmware);
do {
- err = mkdir_parents(misspath, 0755);
+ err = mkdir_parents_label(misspath, 0755);
if (err != 0 && err != -ENOENT)
break;
err = symlink(udev_device_get_devpath(dev), misspath);
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 3c9846f..2ef6341 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -100,7 +100,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
} else {
log_debug("creating symlink '%s' to '%s'\n", slink, target);
do {
- err = mkdir_parents(slink, 0755);
+ err = mkdir_parents_label(slink, 0755);
if (err != 0 && err != -ENOENT)
break;
label_context_set(slink, S_IFLNK);
@@ -117,7 +117,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
util_strscpyl(slink_tmp, sizeof(slink_tmp), slink, TMP_FILE_EXT, NULL);
unlink(slink_tmp);
do {
- err = mkdir_parents(slink_tmp, 0755);
+ err = mkdir_parents_label(slink_tmp, 0755);
if (err != 0 && err != -ENOENT)
break;
label_context_set(slink_tmp, S_IFLNK);
@@ -226,7 +226,7 @@ static void link_update(struct udev_device *dev, const char *slink, bool add)
do {
int fd;
- err = mkdir_parents(filename, 0755);
+ err = mkdir_parents_label(filename, 0755);
if (err != 0 && err != -ENOENT)
break;
fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444);
diff --git a/src/udev/udev-watch.c b/src/udev/udev-watch.c
index 1091ec8..04609a7 100644
--- a/src/udev/udev-watch.c
+++ b/src/udev/udev-watch.c
@@ -111,7 +111,7 @@ void udev_watch_begin(struct udev *udev, struct udev_device *dev)
}
snprintf(filename, sizeof(filename), "/run/udev/watch/%d", wd);
- mkdir_parents(filename, 0755);
+ mkdir_parents_label(filename, 0755);
unlink(filename);
symlink(udev_device_get_id_filename(dev), filename);
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index f6707a5..131d12d 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -850,7 +850,7 @@ static void static_dev_create_from_modules(struct udev *udev)
continue;
util_strscpyl(filename, sizeof(filename), "/dev/", devname, NULL);
- mkdir_parents(filename, 0755);
+ mkdir_parents_label(filename, 0755);
label_context_set(filename, mode);
log_debug("mknod '%s' %c%u:%u\n", filename, type, maj, min);
if (mknod(filename, mode, makedev(maj, min)) < 0 && errno == EEXIST)
@@ -896,7 +896,7 @@ static int convert_db(struct udev *udev)
return 0;
/* make sure we do not get here again */
- mkdir_parents("/run/udev/data", 0755);
+ mkdir_parents_label("/run/udev/data", 0755);
mkdir(filename, 0755);
/* old database */
More information about the systemd-commits
mailing list