[systemd-devel] [PATCH 1/2] smack-setup: extract rule writing into a separate function

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Mar 13 20:40:23 PDT 2013


Check all errors. Return the first error if looping.
---
Hi Nathaniel,
your patches duplicate the same code paths (within one function!).
Also, if cipsco is not available, a warning would be printed, which
we don't want.

Can you check if the following two replacement patches work for you?
Please make sure that both a Smack kernel without configuration,
and a kernel with cipsco but not documentation doesn't confuse
systemd. I haven't checked them, I don't have Smack.

Zbyszek

 src/core/smack-setup.c | 91 +++++++++++++++++++++++++++++++++-----------------
 1 file changed, 60 insertions(+), 31 deletions(-)

diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index d0f1ac0..804678d 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -39,66 +39,95 @@
 #include "log.h"
 #include "label.h"
 
-#define ACCESSES_D_PATH "/etc/smack/accesses.d/"
+#define SMACK_CONFIG "/etc/smack/accesses.d/"
 
-int smack_setup(void) {
-        _cleanup_fclose_ FILE *smack = NULL;
+static int write_rules(const char* dstpath, const char* srcdir) {
+        _cleanup_fclose_ FILE *dst = NULL;
         _cleanup_closedir_ DIR *dir = NULL;
         struct dirent *entry;
         char buf[NAME_MAX];
         int dfd = -1;
+        int r = 0;
 
-        smack = fopen("/sys/fs/smackfs/load2", "we");
-        if (!smack)  {
-                if (errno == ENOENT)
-                        log_debug("Smack is not enabled in the kernel, not loading access rules.");
-                else
-                        log_warning("Failed to open /sys/fs/smackfs/load2: %m");
-                return 0;
+        dst = fopen(dstpath, "we");
+        if (!dst)  {
+                if (errno != ENOENT)
+                        log_warning("Failed to open %s: %m", dstpath);
+                return -errno; /* negative error */
         }
 
-        /* write rules to load2 from every file in the directory */
-        dir = opendir(ACCESSES_D_PATH);
+        /* write rules to dst from every file in the directory */
+        dir = opendir(srcdir);
         if (!dir) {
-                log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
-                         "Opening Smack access rules directory "
-                         ACCESSES_D_PATH ": %m");
-                return 0;
+                if (errno != ENOENT)
+                        log_warning("Failed to opendir %s: %m", srcdir);
+                return errno; /* positive on purpose */
         }
 
         dfd = dirfd(dir);
         assert(dfd >= 0);
 
         FOREACH_DIRENT(entry, dir, return 0) {
+                int fd;
                 _cleanup_fclose_ FILE *policy = NULL;
-                _cleanup_close_ int pol = -1;
 
-                pol = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
-                if (pol < 0) {
-                        log_error("Smack access rule file %s not opened: %m",
-                                  entry->d_name);
+                fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
+                if (fd < 0) {
+                        if (r == 0)
+                                r = -errno;
+                        log_warning("Failed to open %s: %m", entry->d_name);
                         continue;
                 }
 
-                policy = fdopen(pol, "re");
+                policy = fdopen(fd, "re");
                 if (!policy) {
-                        log_error("Smack access rule file %s not opened: %m",
-                                  entry->d_name);
+                        if (r == 0)
+                                r = -errno;
+                        close_nointr_nofail(fd);
+                        log_error("Failed to open %s: %m", entry->d_name);
                         continue;
                 }
 
-                pol = -1;
-
                 /* load2 write rules in the kernel require a line buffered stream */
                 FOREACH_LINE(buf, policy,
-                             log_error("Failed to read from Smack access rule file %s: %m",
+                             log_error("Failed to read line from %s: %m",
                                        entry->d_name)) {
-                        fputs(buf, smack);
-                        fflush(smack);
+                        if (!fputs(buf, dst)) {
+                                if (r == 0)
+                                        r = -EINVAL;
+                                log_error("Failed to write line to %s", dstpath);
+                                break;
+                        }
+                        if (fflush(dst)) {
+                                if (r == 0)
+                                        r = -errno;
+                                log_error("Failed to flush writes to %s: %m", dstpath);
+                                break;
+                        }
                 }
         }
 
-        log_info("Successfully loaded Smack policies.");
+       return r;
+}
+
 
-        return 0;
+int smack_setup(void) {
+        int r;
+
+        r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
+        switch(r) {
+        case -ENOENT:
+                log_debug("Smack is not enabled in the kernel.");
+                return 0;
+        case ENOENT:
+                log_debug("Smack access rules directory " SMACK_CONFIG " not found");
+                return 0;
+        case 0:
+                log_info("Successfully loaded Smack policies.");
+                return 0;
+        default:
+                log_warning("Failed to load smack access rules: %s, ignoring.",
+                            strerror(abs(r)));
+                return 0;
+        }
 }
-- 
1.8.1.4



More information about the systemd-devel mailing list