[systemd-commits] src/core

Tom Gundersen tomegun at kemper.freedesktop.org
Fri Apr 25 15:55:39 PDT 2014


 src/core/ima-setup.c     |  110 +++++++++++++++++-----------------
 src/core/selinux-setup.c |  152 +++++++++++++++++++++++------------------------
 2 files changed, 131 insertions(+), 131 deletions(-)

New commits:
commit 4ab72d6fb499c2b4d8baced9fa94a8bbfa5a4b3d
Author: Will Woods <wwoods at redhat.com>
Date:   Fri Apr 25 18:26:33 2014 -0400

    core: reindent {selinux, ima, smack}-setup.c
    
    7-space indentation is just too weird to leave alone.
    Make it 8 spaces, as per CODING_STYLE. No other changes.

diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index ed65096..7bffd8d 100644
--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -44,63 +44,63 @@
 int ima_setup(void) {
 
 #ifdef HAVE_IMA
-       struct stat st;
-       ssize_t policy_size = 0, written = 0;
-       char *policy;
-       _cleanup_close_ int policyfd = -1, imafd = -1;
-       int result = 0;
-
-       if (stat(IMA_POLICY_PATH, &st) < 0)
-               return 0;
-
-       policy_size = st.st_size;
-       if (stat(IMA_SECFS_DIR, &st) < 0) {
-               log_debug("IMA support is disabled in the kernel, ignoring.");
-               return 0;
-       }
-
-       if (stat(IMA_SECFS_POLICY, &st) < 0) {
-               log_error("Another IMA custom policy has already been loaded, "
-                         "ignoring.");
-               return 0;
-       }
-
-       policyfd = open(IMA_POLICY_PATH, O_RDONLY|O_CLOEXEC);
-       if (policyfd < 0) {
-               log_error("Failed to open the IMA custom policy file %s (%m), "
-                         "ignoring.", IMA_POLICY_PATH);
-               return 0;
-       }
-
-       imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
-       if (imafd < 0) {
-               log_error("Failed to open the IMA kernel interface %s (%m), "
-                         "ignoring.", IMA_SECFS_POLICY);
-               goto out;
-       }
-
-       policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, 0);
-       if (policy == MAP_FAILED) {
-               log_error("mmap() failed (%m), freezing");
-               result = -errno;
-               goto out;
-       }
-
-       written = loop_write(imafd, policy, (size_t)policy_size, false);
-       if (written != policy_size) {
-               log_error("Failed to load the IMA custom policy file %s (%m), "
-                         "ignoring.", IMA_POLICY_PATH);
-               goto out_mmap;
-       }
-
-       log_info("Successfully loaded the IMA custom policy %s.",
-                IMA_POLICY_PATH);
+        struct stat st;
+        ssize_t policy_size = 0, written = 0;
+        char *policy;
+        _cleanup_close_ int policyfd = -1, imafd = -1;
+        int result = 0;
+
+        if (stat(IMA_POLICY_PATH, &st) < 0)
+                return 0;
+
+        policy_size = st.st_size;
+        if (stat(IMA_SECFS_DIR, &st) < 0) {
+                log_debug("IMA support is disabled in the kernel, ignoring.");
+                return 0;
+        }
+
+        if (stat(IMA_SECFS_POLICY, &st) < 0) {
+                log_error("Another IMA custom policy has already been loaded, "
+                          "ignoring.");
+                return 0;
+        }
+
+        policyfd = open(IMA_POLICY_PATH, O_RDONLY|O_CLOEXEC);
+        if (policyfd < 0) {
+                log_error("Failed to open the IMA custom policy file %s (%m), "
+                          "ignoring.", IMA_POLICY_PATH);
+                return 0;
+        }
+
+        imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
+        if (imafd < 0) {
+                log_error("Failed to open the IMA kernel interface %s (%m), "
+                          "ignoring.", IMA_SECFS_POLICY);
+                goto out;
+        }
+
+        policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, 0);
+        if (policy == MAP_FAILED) {
+                log_error("mmap() failed (%m), freezing");
+                result = -errno;
+                goto out;
+        }
+
+        written = loop_write(imafd, policy, (size_t)policy_size, false);
+        if (written != policy_size) {
+                log_error("Failed to load the IMA custom policy file %s (%m), "
+                          "ignoring.", IMA_POLICY_PATH);
+                goto out_mmap;
+        }
+
+        log_info("Successfully loaded the IMA custom policy %s.",
+                 IMA_POLICY_PATH);
 out_mmap:
-       munmap(policy, policy_size);
+        munmap(policy, policy_size);
 out:
-       if (result)
-                return result;
+        if (result)
+                 return result;
 #endif /* HAVE_IMA */
 
-       return 0;
+        return 0;
 }
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index 9a5d6b2..6d8bc89 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -46,82 +46,82 @@ static int null_log(int type, const char *fmt, ...) {
 int selinux_setup(bool *loaded_policy) {
 
 #ifdef HAVE_SELINUX
-       int enforce = 0;
-       usec_t before_load, after_load;
-       security_context_t con;
-       int r;
-       union selinux_callback cb;
-
-       assert(loaded_policy);
-
-       /* Turn off all of SELinux' own logging, we want to do that */
-       cb.func_log = null_log;
-       selinux_set_callback(SELINUX_CB_LOG, cb);
-
-       /* Don't load policy in the initrd if we don't appear to have
-        * it.  For the real root, we check below if we've already
-        * loaded policy, and return gracefully.
-        */
-       if (in_initrd() && access(selinux_path(), F_OK) < 0)
-               return 0;
-
-       /* Already initialized by somebody else? */
-       r = getcon_raw(&con);
-       if (r == 0) {
-               bool initialized;
-
-               initialized = !streq(con, "kernel");
-               freecon(con);
-
-               if (initialized)
-                       return 0;
-       }
-
-       /* Make sure we have no fds open while loading the policy and
-        * transitioning */
-       log_close();
-
-       /* Now load the policy */
-       before_load = now(CLOCK_MONOTONIC);
-       r = selinux_init_load_policy(&enforce);
-       if (r == 0) {
-               char timespan[FORMAT_TIMESPAN_MAX];
-               char *label;
-
-               retest_selinux();
-
-               /* Transition to the new context */
-               r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
-               if (r < 0 || label == NULL) {
-                       log_open();
-                       log_error("Failed to compute init label, ignoring.");
-               } else {
-                       r = setcon(label);
-
-                       log_open();
-                       if (r < 0)
-                               log_error("Failed to transition into init label '%s', ignoring.", label);
-
-                       label_free(label);
-               }
-
-               after_load = now(CLOCK_MONOTONIC);
-
-               log_info("Successfully loaded SELinux policy in %s.",
-                        format_timespan(timespan, sizeof(timespan), after_load - before_load, 0));
-
-               *loaded_policy = true;
-
-       } else {
-               log_open();
-
-               if (enforce > 0) {
-                       log_error("Failed to load SELinux policy. Freezing.");
-                       return -EIO;
-               } else
-                       log_debug("Unable to load SELinux policy. Ignoring.");
-       }
+        int enforce = 0;
+        usec_t before_load, after_load;
+        security_context_t con;
+        int r;
+        union selinux_callback cb;
+
+        assert(loaded_policy);
+
+        /* Turn off all of SELinux' own logging, we want to do that */
+        cb.func_log = null_log;
+        selinux_set_callback(SELINUX_CB_LOG, cb);
+
+        /* Don't load policy in the initrd if we don't appear to have
+         * it.  For the real root, we check below if we've already
+         * loaded policy, and return gracefully.
+         */
+        if (in_initrd() && access(selinux_path(), F_OK) < 0)
+                return 0;
+
+        /* Already initialized by somebody else? */
+        r = getcon_raw(&con);
+        if (r == 0) {
+                bool initialized;
+
+                initialized = !streq(con, "kernel");
+                freecon(con);
+
+                if (initialized)
+                        return 0;
+        }
+
+        /* Make sure we have no fds open while loading the policy and
+         * transitioning */
+        log_close();
+
+        /* Now load the policy */
+        before_load = now(CLOCK_MONOTONIC);
+        r = selinux_init_load_policy(&enforce);
+        if (r == 0) {
+                char timespan[FORMAT_TIMESPAN_MAX];
+                char *label;
+
+                retest_selinux();
+
+                /* Transition to the new context */
+                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
+                if (r < 0 || label == NULL) {
+                        log_open();
+                        log_error("Failed to compute init label, ignoring.");
+                } else {
+                        r = setcon(label);
+
+                        log_open();
+                        if (r < 0)
+                                log_error("Failed to transition into init label '%s', ignoring.", label);
+
+                        label_free(label);
+                }
+
+                after_load = now(CLOCK_MONOTONIC);
+
+                log_info("Successfully loaded SELinux policy in %s.",
+                         format_timespan(timespan, sizeof(timespan), after_load - before_load, 0));
+
+                *loaded_policy = true;
+
+        } else {
+                log_open();
+
+                if (enforce > 0) {
+                        log_error("Failed to load SELinux policy. Freezing.");
+                        return -EIO;
+                } else
+                        log_debug("Unable to load SELinux policy. Ignoring.");
+        }
 #endif
 
-       return 0;
+        return 0;
 }



More information about the systemd-commits mailing list