[systemd-devel] [PATCH v2 2/2] Set loaded_policy in smack_setup()
Lennart Poettering
lennart at poettering.net
Wed Feb 19 05:31:49 PST 2014
On Wed, 19.02.14 14:07, Łukasz Stelmach (l.stelmach at samsung.com) wrote:
> With loaded_policy set to true mount_setup() relabels /dev properly.
>
> Signed-off-by: Łukasz Stelmach <l.stelmach at samsung.com>
Patch looks good, but we don't do S-o-b in systemd.
> ---
> src/core/main.c | 2 +-
> src/core/smack-setup.c | 6 +++++-
> src/core/smack-setup.h | 2 +-
> 3 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/src/core/main.c b/src/core/main.c
> index 7566b0a..9c88845 100644
> --- a/src/core/main.c
> +++ b/src/core/main.c
> @@ -1309,7 +1309,7 @@ int main(int argc, char *argv[]) {
> goto finish;
> if (ima_setup() < 0)
> goto finish;
> - if (smack_setup() < 0)
> + if (smack_setup(&loaded_policy) < 0)
> goto finish;
> dual_timestamp_get(&security_finish_timestamp);
> }
> diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
> index 611bfdb..a68605c 100644
> --- a/src/core/smack-setup.c
> +++ b/src/core/smack-setup.c
> @@ -116,12 +116,14 @@ static int write_rules(const char* dstpath, const char* srcdir) {
>
> #endif
>
> -int smack_setup(void) {
> +int smack_setup(bool *loaded_policy) {
>
> #ifdef HAVE_SMACK
>
> int r;
>
> + assert(loaded_policy);
> +
> r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
> switch(r) {
> case -ENOENT:
> @@ -163,6 +165,8 @@ int smack_setup(void) {
> return 0;
> }
>
> + *loaded_policy = true;
> +
> #endif
>
> return 0;
> diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h
> index ffe9184..8927096 100644
> --- a/src/core/smack-setup.h
> +++ b/src/core/smack-setup.h
> @@ -23,4 +23,4 @@
> along with systemd; If not, see <http://www.gnu.org/licenses/>.
> ***/
>
> -int smack_setup(void);
> +int smack_setup(bool *loaded_policy);
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list