mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new...
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2013 Intel Corporation
7
8 Author: Auke Kok <auke-jan.h.kok@intel.com>
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22***/
23
d2edfae0 24#include <sys/xattr.h>
8552b176 25
66b6d9d5
WC
26#include "util.h"
27#include "path-util.h"
d682b3a7 28#include "smack-util.h"
8552b176 29
/**
 * Report whether Smack is usable on this system.
 *
 * With HAVE_SMACK, the presence of /sys/fs/smackfs/ is probed once with
 * access() and the answer is kept in a function-local static for all later
 * calls. Without HAVE_SMACK the answer is always false.
 *
 * @return true if the smackfs directory was found, false otherwise.
 */
bool mac_smack_use(void) {
#ifdef HAVE_SMACK
        /* Negative means "not probed yet"; 0 or 1 is the remembered answer. */
        static int smackfs_present = -1;

        if (smackfs_present >= 0)
                return smackfs_present;

        smackfs_present = (access("/sys/fs/smackfs/", F_OK) >= 0);
        return smackfs_present;
#else
        return false;
#endif
}
9a4e038c 43
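/**
 * Set or clear the Smack access label ("security.SMACK64") on a path.
 *
 * @param path   file system path whose label is changed
 * @param label  label to store, or NULL to remove the attribute
 * @return 0 when Smack is compiled out or mac_smack_use() reports false;
 *         otherwise the raw result of the xattr call (0 on success, -1 with
 *         errno set on failure). Unlike mac_smack_relabel_in_dev() this does
 *         not convert the failure to -errno.
 */
int mac_smack_set_path(const char *path, const char *label) {
#ifdef HAVE_SMACK
        if (!mac_smack_use())
                return 0;

        /* Both branches act on the path itself and never on a symlink's
         * target: removal already used lremovexattr(), so setting uses
         * lsetxattr(). A security label written by a privileged caller must
         * not be redirectable to another file through a symlink placed at
         * the path. */
        if (label)
                return lsetxattr(path, "security.SMACK64", label, strlen(label), 0);

        return lremovexattr(path, "security.SMACK64");
#else
        return 0;
#endif
}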
57
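/**
 * Set or clear the Smack access label ("security.SMACK64") on an open file
 * descriptor.
 *
 * @param fd     descriptor of the object to label
 * @param label  label to store, or NULL to remove the attribute (mirrors
 *               mac_smack_set_path(); previously NULL reached strlen())
 * @return 0 when Smack is compiled out or mac_smack_use() reports false;
 *         otherwise the raw result of the xattr call (0 on success, -1 with
 *         errno set on failure).
 */
int mac_smack_set_fd(int fd, const char *label) {
#ifdef HAVE_SMACK
        if (!mac_smack_use())
                return 0;

        /* strlen(NULL) is undefined behaviour, so treat a missing label as a
         * request to drop the attribute instead of dereferencing it. */
        if (label)
                return fsetxattr(fd, "security.SMACK64", label, strlen(label), 0);

        return fremovexattr(fd, "security.SMACK64");
#else
        return 0;
#endif
}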
68
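/**
 * Set or clear the "security.SMACK64IPOUT" attribute on a file descriptor.
 *
 * @param fd     descriptor to label (presumably a socket; the callers are
 *               not visible here)
 * @param label  label to store, or NULL to remove the attribute (previously
 *               NULL reached strlen())
 * @return 0 when Smack is compiled out or mac_smack_use() reports false;
 *         otherwise the raw result of the xattr call (0 on success, -1 with
 *         errno set on failure).
 */
int mac_smack_set_ip_out_fd(int fd, const char *label) {
#ifdef HAVE_SMACK
        if (!mac_smack_use())
                return 0;

        /* strlen(NULL) is undefined behaviour, so a missing label removes
         * the attribute rather than being dereferenced. */
        if (label)
                return fsetxattr(fd, "security.SMACK64IPOUT", label, strlen(label), 0);

        return fremovexattr(fd, "security.SMACK64IPOUT");
#else
        return 0;
#endif
}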
79
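/**
 * Set or clear the "security.SMACK64IPIN" attribute on a file descriptor.
 *
 * @param fd     descriptor to label (presumably a socket; the callers are
 *               not visible here)
 * @param label  label to store, or NULL to remove the attribute (previously
 *               NULL reached strlen())
 * @return 0 when Smack is compiled out or mac_smack_use() reports false;
 *         otherwise the raw result of the xattr call (0 on success, -1 with
 *         errno set on failure).
 */
int mac_smack_set_ip_in_fd(int fd, const char *label) {
#ifdef HAVE_SMACK
        if (!mac_smack_use())
                return 0;

        /* strlen(NULL) is undefined behaviour, so a missing label removes
         * the attribute rather than being dereferenced. */
        if (label)
                return fsetxattr(fd, "security.SMACK64IPIN", label, strlen(label), 0);

        return fremovexattr(fd, "security.SMACK64IPIN");
#else
        return 0;
#endif
}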
66b6d9d5 90
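/**
 * Apply the default Smack label to a node below /dev.
 *
 * Directories and character devices receive SMACK_STAR_LABEL, symlinks
 * receive SMACK_FLOOR_LABEL, and every other file type is left untouched.
 * Paths that do not start with "/dev" are ignored. Without HAVE_SMACK the
 * function does nothing and returns 0.
 *
 * NOTE(review): unlike the mac_smack_set_*() helpers this does not consult
 * mac_smack_use() first; confirm that callers only invoke it when Smack is
 * active.
 *
 * @param path  path to relabel
 * @return 0 on success or when nothing was done, -errno when lstat() or the
 *         xattr call fails.
 */
int mac_smack_relabel_in_dev(const char *path) {
        int r = 0;

#ifdef HAVE_SMACK
        struct stat sb;
        const char *label;

        /*
         * Path must be in /dev and must exist
         */
        if (!path_startswith(path, "/dev"))
                return 0;

        r = lstat(path, &sb);
        if (r < 0)
                return -errno;

        /*
         * Label directories and character devices "*".
         * Label symlinks "_".
         * Don't change anything else.
         */
        if (S_ISDIR(sb.st_mode))
                label = SMACK_STAR_LABEL;
        else if (S_ISLNK(sb.st_mode))
                label = SMACK_FLOOR_LABEL;
        else if (S_ISCHR(sb.st_mode))
                label = SMACK_STAR_LABEL;
        else
                return 0;

        /* The type was read with lstat(), so the label must go onto the same
         * object. setxattr() would follow a symlink and put the symlink's
         * label on its target instead; lsetxattr() labels the link itself.
         * This also limits the damage if the path is replaced by a symlink
         * between the lstat() and this call. */
        r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0);
        if (r < 0) {
                /* Capture errno before logging so that the returned code is
                 * the one from lsetxattr() whatever log_error() does
                 * internally (its implementation is not visible here). */
                int saved_errno = errno;

                log_error("Smack relabeling \"%s\" %m", path);
                return -saved_errno;
        }
#endif

        return r;
}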
109 * Label directories and character devices "*".
110 * Label symlinks "_".
111 * Don't change anything else.
112 */
113 if (S_ISDIR(sb.st_mode))
114 label = SMACK_STAR_LABEL;
115 else if (S_ISLNK(sb.st_mode))
116 label = SMACK_FLOOR_LABEL;
117 else if (S_ISCHR(sb.st_mode))
118 label = SMACK_STAR_LABEL;
119 else
120 return 0;
121
122 r = setxattr(path, "security.SMACK64", label, strlen(label), 0);
123 if (r < 0) {
124 log_error("Smack relabeling \"%s\" %m", path);
125 return -errno;
126 }
127#endif
128
129 return r;
130}