]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/socket-label.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: assorted coccinelle fixes
[thirdparty/systemd.git] / src / basic / socket-label.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <errno.h>
4 #include <netinet/in.h>
5 #include <stdbool.h>
6 #include <stddef.h>
7 #include <string.h>
8 #include <sys/un.h>
9 #include <unistd.h>
10
11 #include "alloc-util.h"
12 #include "fd-util.h"
13 #include "fs-util.h"
14 #include "log.h"
15 #include "macro.h"
16 #include "missing_socket.h"
17 #include "mkdir.h"
18 #include "selinux-util.h"
19 #include "socket-util.h"
20 #include "umask-util.h"
21
22 int socket_address_listen(
23 const SocketAddress *a,
24 int flags,
25 int backlog,
26 SocketAddressBindIPv6Only only,
27 const char *bind_to_device,
28 bool reuse_port,
29 bool free_bind,
30 bool transparent,
31 mode_t directory_mode,
32 mode_t socket_mode,
33 const char *label) {
34
35 _cleanup_close_ int fd = -1;
36 const char *p;
37 int r;
38
39 assert(a);
40
41 r = socket_address_verify(a, true);
42 if (r < 0)
43 return r;
44
45 if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
46 return -EAFNOSUPPORT;
47
48 if (label) {
49 r = mac_selinux_create_socket_prepare(label);
50 if (r < 0)
51 return r;
52 }
53
54 fd = socket(socket_address_family(a), a->type | flags, a->protocol);
55 r = fd < 0 ? -errno : 0;
56
57 if (label)
58 mac_selinux_create_socket_clear();
59
60 if (r < 0)
61 return r;
62
63 if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
64 r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_V6ONLY, only == SOCKET_ADDRESS_IPV6_ONLY);
65 if (r < 0)
66 return r;
67 }
68
69 if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
70 if (bind_to_device) {
71 r = socket_bind_to_ifname(fd, bind_to_device);
72 if (r < 0)
73 return r;
74 }
75
76 if (reuse_port) {
77 r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEPORT, true);
78 if (r < 0)
79 log_warning_errno(r, "SO_REUSEPORT failed: %m");
80 }
81
82 if (free_bind) {
83 r = socket_set_freebind(fd, socket_address_family(a), true);
84 if (r < 0)
85 log_warning_errno(r, "IP_FREEBIND/IPV6_FREEBIND failed: %m");
86 }
87
88 if (transparent) {
89 r = socket_set_transparent(fd, socket_address_family(a), true);
90 if (r < 0)
91 log_warning_errno(r, "IP_TRANSPARENT/IPV6_TRANSPARENT failed: %m");
92 }
93 }
94
95 r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEADDR, true);
96 if (r < 0)
97 return r;
98
99 p = socket_address_get_path(a);
100 if (p) {
101 /* Create parents */
102 (void) mkdir_parents_label(p, directory_mode);
103
104 /* Enforce the right access mode for the socket */
105 RUN_WITH_UMASK(~socket_mode) {
106 r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
107 if (r == -EADDRINUSE) {
108 /* Unlink and try again */
109
110 if (unlink(p) < 0)
111 return r; /* didn't work, return original error */
112
113 r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
114 }
115 if (r < 0)
116 return r;
117 }
118 } else {
119 if (bind(fd, &a->sockaddr.sa, a->size) < 0)
120 return -errno;
121 }
122
123 if (socket_address_can_accept(a))
124 if (listen(fd, backlog) < 0)
125 return -errno;
126
127 /* Let's trigger an inotify event on the socket node, so that anyone waiting for this socket to be connectable
128 * gets notified */
129 if (p)
130 (void) touch(p);
131
132 return TAKE_FD(fd);
133 }
Unnamed repository; edit this file 'description' to name the repository.