[systemd-devel] [PATCH] mac: add mac_ prefix to distinguish origin security apis

Lennart Poettering lennart at poettering.net
Tue Oct 28 06:33:58 PDT 2014


On Fri, 24.10.14 21:15, WaLyong Cho (walyong.cho at samsung.com) wrote:

Thanks! Applied!

> ---
>  src/core/dbus-job.c       |  2 +-
>  src/core/dbus-manager.c   | 68 +++++++++++++++++++++++------------------------
>  src/core/dbus-snapshot.c  |  2 +-
>  src/core/dbus-unit.c      |  8 +++---
>  src/core/dbus.c           |  8 +++---
>  src/core/main.c           |  4 +--
>  src/core/selinux-access.c | 46 +++++++++++---------------------
>  src/core/selinux-access.h | 18 ++++++-------
>  src/core/selinux-setup.c  |  2 +-
>  src/core/selinux-setup.h  |  2 +-
>  src/core/smack-setup.c    |  2 +-
>  src/core/smack-setup.h    |  2 +-
>  12 files changed, 74 insertions(+), 90 deletions(-)
> 
> diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c
> index 3f7a28a..09f5739 100644
> --- a/src/core/dbus-job.c
> +++ b/src/core/dbus-job.c
> @@ -80,7 +80,7 @@ int bus_job_method_cancel(sd_bus *bus, sd_bus_message *message, void *userdata,
>          if (r < 0)
>                  return r;
>  
> -        r = selinux_unit_access_check(j->unit, message, "stop", error);
> +        r = mac_selinux_unit_access_check(j->unit, message, "stop", error);
>          if (r < 0)
>                  return r;
>  
> diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
> index 57db1c9..c54abd3 100644
> --- a/src/core/dbus-manager.c
> +++ b/src/core/dbus-manager.c
> @@ -363,7 +363,7 @@ static int method_get_unit(sd_bus *bus, sd_bus_message *message, void *userdata,
>          if (!u)
>                  return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not loaded.", name);
>  
> -        r = selinux_unit_access_check(u, message, "status", error);
> +        r = mac_selinux_unit_access_check(u, message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -409,7 +409,7 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us
>          if (!u)
>                  return sd_bus_error_setf(error, BUS_ERROR_NO_UNIT_FOR_PID, "PID %u does not belong to any loaded unit.", pid);
>  
> -        r = selinux_unit_access_check(u, message, "status", error);
> +        r = mac_selinux_unit_access_check(u, message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -441,7 +441,7 @@ static int method_load_unit(sd_bus *bus, sd_bus_message *message, void *userdata
>          if (r < 0)
>                  return r;
>  
> -        r = selinux_unit_access_check(u, message, "status", error);
> +        r = mac_selinux_unit_access_check(u, message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -648,7 +648,7 @@ static int method_start_transient_unit(sd_bus *bus, sd_bus_message *message, voi
>          if (mode < 0)
>                  return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Job mode %s is invalid.", smode);
>  
> -        r = selinux_access_check(message, "start", error);
> +        r = mac_selinux_access_check(message, "start", error);
>          if (r < 0)
>                  return r;
>  
> @@ -702,7 +702,7 @@ static int method_get_job(sd_bus *bus, sd_bus_message *message, void *userdata,
>          if (!j)
>                  return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_JOB, "Job %u does not exist.", (unsigned) id);
>  
> -        r = selinux_unit_access_check(j->unit, message, "status", error);
> +        r = mac_selinux_unit_access_check(j->unit, message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -742,7 +742,7 @@ static int method_clear_jobs(sd_bus *bus, sd_bus_message *message, void *userdat
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reboot", error);
> +        r = mac_selinux_access_check(message, "reboot", error);
>          if (r < 0)
>                  return r;
>  
> @@ -759,7 +759,7 @@ static int method_reset_failed(sd_bus *bus, sd_bus_message *message, void *userd
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -782,7 +782,7 @@ static int list_units_filtered(sd_bus *bus, sd_bus_message *message, void *userd
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -870,7 +870,7 @@ static int method_list_jobs(sd_bus *bus, sd_bus_message *message, void *userdata
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -922,7 +922,7 @@ static int method_subscribe(sd_bus *bus, sd_bus_message *message, void *userdata
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -957,7 +957,7 @@ static int method_unsubscribe(sd_bus *bus, sd_bus_message *message, void *userda
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -985,7 +985,7 @@ static int method_dump(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1016,7 +1016,7 @@ static int method_create_snapshot(sd_bus *bus, sd_bus_message *message, void *us
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "start", error);
> +        r = mac_selinux_access_check(message, "start", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1048,7 +1048,7 @@ static int method_remove_snapshot(sd_bus *bus, sd_bus_message *message, void *us
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "stop", error);
> +        r = mac_selinux_access_check(message, "stop", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1080,7 +1080,7 @@ static int method_reload(sd_bus *bus, sd_bus_message *message, void *userdata, s
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1114,7 +1114,7 @@ static int method_reexecute(sd_bus *bus, sd_bus_message *message, void *userdata
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1133,7 +1133,7 @@ static int method_exit(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "halt", error);
> +        r = mac_selinux_access_check(message, "halt", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1153,7 +1153,7 @@ static int method_reboot(sd_bus *bus, sd_bus_message *message, void *userdata, s
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reboot", error);
> +        r = mac_selinux_access_check(message, "reboot", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1174,7 +1174,7 @@ static int method_poweroff(sd_bus *bus, sd_bus_message *message, void *userdata,
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "halt", error);
> +        r = mac_selinux_access_check(message, "halt", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1194,7 +1194,7 @@ static int method_halt(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "halt", error);
> +        r = mac_selinux_access_check(message, "halt", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1214,7 +1214,7 @@ static int method_kexec(sd_bus *bus, sd_bus_message *message, void *userdata, sd
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reboot", error);
> +        r = mac_selinux_access_check(message, "reboot", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1236,7 +1236,7 @@ static int method_switch_root(sd_bus *bus, sd_bus_message *message, void *userda
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reboot", error);
> +        r = mac_selinux_access_check(message, "reboot", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1300,7 +1300,7 @@ static int method_set_environment(sd_bus *bus, sd_bus_message *message, void *us
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1326,7 +1326,7 @@ static int method_unset_environment(sd_bus *bus, sd_bus_message *message, void *
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1353,7 +1353,7 @@ static int method_unset_and_set_environment(sd_bus *bus, sd_bus_message *message
>          assert(message);
>          assert(m);
>  
> -        r = selinux_access_check(message, "reload", error);
> +        r = mac_selinux_access_check(message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1391,7 +1391,7 @@ static int method_list_unit_files(sd_bus *bus, sd_bus_message *message, void *us
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1444,7 +1444,7 @@ static int method_get_unit_file_state(sd_bus *bus, sd_bus_message *message, void
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1473,7 +1473,7 @@ static int method_get_default_target(sd_bus *bus, sd_bus_message *message, void
>  
>          /* Anyone can call this method */
>  
> -        r = selinux_access_check(message, "status", error);
> +        r = mac_selinux_access_check(message, "status", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1585,7 +1585,7 @@ static int method_enable_unit_files_generic(
>          if (r < 0)
>                  return r;
>  
> -        r = selinux_unit_access_check_strv(l, message, m, verb, error);
> +        r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
>          if (r < 0)
>                  return r;
>  
> @@ -1659,7 +1659,7 @@ static int method_preset_unit_files_with_mode(sd_bus *bus, sd_bus_message *messa
>                          return -EINVAL;
>          }
>  
> -        r = selinux_unit_access_check_strv(l, message, m, "enable", error);
> +        r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1696,7 +1696,7 @@ static int method_disable_unit_files_generic(
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_access_check(message, verb, error);
> +        r = mac_selinux_access_check(message, verb, error);
>          if (r < 0)
>                  return r;
>  
> @@ -1743,7 +1743,7 @@ static int method_set_default_target(sd_bus *bus, sd_bus_message *message, void
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_access_check(message, "enable", error);
> +        r = mac_selinux_access_check(message, "enable", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1779,7 +1779,7 @@ static int method_preset_all_unit_files(sd_bus *bus, sd_bus_message *message, vo
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_access_check(message, "enable", error);
> +        r = mac_selinux_access_check(message, "enable", error);
>          if (r < 0)
>                  return r;
>  
> @@ -1837,7 +1837,7 @@ static int method_add_dependency_unit_files(sd_bus *bus, sd_bus_message *message
>          if (dep < 0)
>                  return -EINVAL;
>  
> -        r = selinux_unit_access_check_strv(l, message, m, "enable", error);
> +        r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
>          if (r < 0)
>                  return r;
>  
> diff --git a/src/core/dbus-snapshot.c b/src/core/dbus-snapshot.c
> index 2a5ef44..06a58e4 100644
> --- a/src/core/dbus-snapshot.c
> +++ b/src/core/dbus-snapshot.c
> @@ -33,7 +33,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
>          assert(message);
>          assert(s);
>  
> -        r = selinux_unit_access_check(UNIT(s), message, "stop", error);
> +        r = mac_selinux_unit_access_check(UNIT(s), message, "stop", error);
>          if (r < 0)
>                  return r;
>  
> diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
> index 8fe83ae..9a7e41e 100644
> --- a/src/core/dbus-unit.c
> +++ b/src/core/dbus-unit.c
> @@ -442,7 +442,7 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s
>          if (signo <= 0 || signo >= _NSIG)
>                  return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Signal number out of range.");
>  
> -        r = selinux_unit_access_check(u, message, "stop", error);
> +        r = mac_selinux_unit_access_check(u, message, "stop", error);
>          if (r < 0)
>                  return r;
>  
> @@ -467,7 +467,7 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use
>          if (r == 0)
>                  return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
>  
> -        r = selinux_unit_access_check(u, message, "reload", error);
> +        r = mac_selinux_unit_access_check(u, message, "reload", error);
>          if (r < 0)
>                  return r;
>  
> @@ -494,7 +494,7 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u
>          if (r < 0)
>                  return r;
>  
> -        r = selinux_unit_access_check(u, message, "start", error);
> +        r = mac_selinux_unit_access_check(u, message, "start", error);
>          if (r < 0)
>                  return r;
>  
> @@ -754,7 +754,7 @@ int bus_unit_queue_job(
>                          type = JOB_RELOAD;
>          }
>  
> -        r = selinux_unit_access_check(
> +        r = mac_selinux_unit_access_check(
>                          u, message,
>                          (type == JOB_START || type == JOB_RESTART || type == JOB_TRY_RESTART) ? "start" :
>                          type == JOB_STOP ? "stop" : "reload", error);
> diff --git a/src/core/dbus.c b/src/core/dbus.c
> index 09b4a4a..185057b 100644
> --- a/src/core/dbus.c
> +++ b/src/core/dbus.c
> @@ -211,7 +211,7 @@ failed:
>  }
>  
>  #ifdef HAVE_SELINUX
> -static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
> +static int mac_selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
>          Manager *m = userdata;
>          const char *verb, *path;
>          Unit *u = NULL;
> @@ -239,7 +239,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
>  
>          if (object_path_startswith("/org/freedesktop/systemd1", path)) {
>  
> -                r = selinux_access_check(message, verb, error);
> +                r = mac_selinux_access_check(message, verb, error);
>                  if (r < 0)
>                          return r;
>  
> @@ -270,7 +270,7 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
>          if (!u)
>                  return 0;
>  
> -        r = selinux_unit_access_check(u, message, verb, error);
> +        r = mac_selinux_unit_access_check(u, message, verb, error);
>          if (r < 0)
>                  return r;
>  
> @@ -536,7 +536,7 @@ static int bus_setup_api_vtables(Manager *m, sd_bus *bus) {
>          assert(bus);
>  
>  #ifdef HAVE_SELINUX
> -        r = sd_bus_add_filter(bus, NULL, selinux_filter, m);
> +        r = sd_bus_add_filter(bus, NULL, mac_selinux_filter, m);
>          if (r < 0) {
>                  log_error("Failed to add SELinux access filter: %s", strerror(-r));
>                  return r;
> diff --git a/src/core/main.c b/src/core/main.c
> index 95597de..f00ac00 100644
> --- a/src/core/main.c
> +++ b/src/core/main.c
> @@ -1299,11 +1299,11 @@ int main(int argc, char *argv[]) {
>                  if (!skip_setup) {
>                          mount_setup_early();
>                          dual_timestamp_get(&security_start_timestamp);
> -                        if (selinux_setup(&loaded_policy) < 0)
> +                        if (mac_selinux_setup(&loaded_policy) < 0)
>                                  goto finish;
>                          if (ima_setup() < 0)
>                                  goto finish;
> -                        if (smack_setup(&loaded_policy) < 0)
> +                        if (mac_smack_setup(&loaded_policy) < 0)
>                                  goto finish;
>                          dual_timestamp_get(&security_finish_timestamp);
>                  }
> diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
> index 08ea6ef..29d6ef6 100644
> --- a/src/core/selinux-access.c
> +++ b/src/core/selinux-access.c
> @@ -136,7 +136,7 @@ static int access_init(void) {
>          return r;
>  }
>  
> -static int selinux_access_init(sd_bus_error *error) {
> +static int mac_selinux_access_init(sd_bus_error *error) {
>          int r;
>  
>          if (initialized)
> @@ -152,14 +152,17 @@ static int selinux_access_init(sd_bus_error *error) {
>          initialized = true;
>          return 0;
>  }
> +#endif
>  
> -void selinux_access_free(void) {
> +void mac_selinux_access_free(void) {
>  
> +#ifdef HAVE_SELINUX
>          if (!initialized)
>                  return;
>  
>          avc_destroy();
>          initialized = false;
> +#endif
>  }
>  
>  /*
> @@ -168,12 +171,13 @@ void selinux_access_free(void) {
>     If the machine is in permissive mode it will return ok.  Audit messages will
>     still be generated if the access would be denied in enforcing mode.
>  */
> -int selinux_generic_access_check(
> +int mac_selinux_generic_access_check(
>                  sd_bus_message *message,
>                  const char *path,
>                  const char *permission,
>                  sd_bus_error *error) {
>  
> +#ifdef HAVE_SELINUX
>          _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
>          const char *tclass = NULL, *scon = NULL;
>          struct audit_info audit_info = {};
> @@ -189,7 +193,7 @@ int selinux_generic_access_check(
>          if (!mac_selinux_use())
>                  return 0;
>  
> -        r = selinux_access_init(error);
> +        r = mac_selinux_access_init(error);
>          if (r < 0)
>                  return r;
>  
> @@ -248,13 +252,17 @@ finish:
>          }
>  
>          return r;
> +#else
> +        return 0;
> +#endif
>  }
>  
> -int selinux_unit_access_check_strv(char **units,
> +int mac_selinux_unit_access_check_strv(char **units,
>                                  sd_bus_message *message,
>                                  Manager *m,
>                                  const char *permission,
>                                  sd_bus_error *error) {
> +#ifdef HAVE_SELINUX
>          char **i;
>          Unit *u;
>          int r;
> @@ -262,35 +270,11 @@ int selinux_unit_access_check_strv(char **units,
>          STRV_FOREACH(i, units) {
>                  u = manager_get_unit(m, *i);
>                  if (u) {
> -                        r = selinux_unit_access_check(u, message, permission, error);
> +                        r = mac_selinux_unit_access_check(u, message, permission, error);
>                          if (r < 0)
>                                  return r;
>                  }
>          }
> -
> -        return 0;
> -}
> -
> -#else
> -
> -int selinux_generic_access_check(
> -                sd_bus_message *message,
> -                const char *path,
> -                const char *permission,
> -                sd_bus_error *error) {
> -
> -        return 0;
> -}
> -
> -void selinux_access_free(void) {
> -}
> -
> -int selinux_unit_access_check_strv(char **units,
> -                                sd_bus_message *message,
> -                                Manager *m,
> -                                const char *permission,
> -                                sd_bus_error *error) {
> +#endif
>          return 0;
>  }
> -
> -#endif
> diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
> index 6a4362a..bccf0d2 100644
> --- a/src/core/selinux-access.h
> +++ b/src/core/selinux-access.h
> @@ -26,26 +26,26 @@
>  #include "bus-util.h"
>  #include "manager.h"
>  
> -void selinux_access_free(void);
> +void mac_selinux_access_free(void);
>  
> -int selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
> +int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
>  
> -int selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
> +int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
>  
>  #ifdef HAVE_SELINUX
>  
> -#define selinux_access_check(message, permission, error) \
> -        selinux_generic_access_check((message), NULL, (permission), (error))
> +#define mac_selinux_access_check(message, permission, error) \
> +        mac_selinux_generic_access_check((message), NULL, (permission), (error))
>  
> -#define selinux_unit_access_check(unit, message, permission, error) \
> +#define mac_selinux_unit_access_check(unit, message, permission, error) \
>          ({                                                              \
>                  Unit *_unit = (unit);                                   \
> -                selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
> +                mac_selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
>          })
>  
>  #else
>  
> -#define selinux_access_check(message, permission, error) 0
> -#define selinux_unit_access_check(unit, message, permission, error) 0
> +#define mac_selinux_access_check(message, permission, error) 0
> +#define mac_selinux_unit_access_check(unit, message, permission, error) 0
>  
>  #endif
> diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
> index 4e615c2..25e22b6 100644
> --- a/src/core/selinux-setup.c
> +++ b/src/core/selinux-setup.c
> @@ -43,7 +43,7 @@ static int null_log(int type, const char *fmt, ...) {
>  }
>  #endif
>  
> -int selinux_setup(bool *loaded_policy) {
> +int mac_selinux_setup(bool *loaded_policy) {
>  
>  #ifdef HAVE_SELINUX
>          int enforce = 0;
> diff --git a/src/core/selinux-setup.h b/src/core/selinux-setup.h
> index 39e2bc2..9ac2276 100644
> --- a/src/core/selinux-setup.h
> +++ b/src/core/selinux-setup.h
> @@ -23,4 +23,4 @@
>  
>  #include <stdbool.h>
>  
> -int selinux_setup(bool *loaded_policy);
> +int mac_selinux_setup(bool *loaded_policy);
> diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
> index 5d8a26c..d0fd180 100644
> --- a/src/core/smack-setup.c
> +++ b/src/core/smack-setup.c
> @@ -116,7 +116,7 @@ static int write_rules(const char* dstpath, const char* srcdir) {
>  
>  #endif
>  
> -int smack_setup(bool *loaded_policy) {
> +int mac_smack_setup(bool *loaded_policy) {
>  
>  #ifdef HAVE_SMACK
>  
> diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h
> index 8927096..1cab771 100644
> --- a/src/core/smack-setup.h
> +++ b/src/core/smack-setup.h
> @@ -23,4 +23,4 @@
>    along with systemd; If not, see <http://www.gnu.org/licenses/>.
>  ***/
>  
> -int smack_setup(bool *loaded_policy);
> +int mac_smack_setup(bool *loaded_policy);
> -- 
> 1.9.3
> 
> 
> 
> 


Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list