--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <errno.h>
+#include <stddef.h>
+
+#include "label.h"
+
+static const LabelOps *label_ops = NULL;
+
+int label_ops_set(const LabelOps *ops) {
+ if (label_ops)
+ return -EBUSY;
+
+ label_ops = ops;
+ return 0;
+}
+
+int label_ops_pre(int dir_fd, const char *path, mode_t mode) {
+ if (!label_ops || !label_ops->pre)
+ return 0;
+
+ return label_ops->pre(dir_fd, path, mode);
+}
+
+int label_ops_post(int dir_fd, const char *path) {
+ if (!label_ops || !label_ops->post)
+ return 0;
+
+ return label_ops->post(dir_fd, path);
+}
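Review bot: `label_ops_set()` accepts a NULL `ops`: it stores NULL and returns 0, so the caller believes a labeling backend is registered while `label_ops_pre()` and `label_ops_post()` keep returning 0 without doing anything. Rejecting it up front, e.g. `if (!ops) return -EINVAL;` placed before the `-EBUSY` check, makes that failure visible. The two wrappers also deserve a comment saying that "no ops registered" is reported as success, because any file created through these hooks before `mac_init()` has run gets no MAC label and no error. The static `label_ops` pointer is written without synchronization, so the comment should also say registration is expected to happen once, early, before other threads exist, if that is the intent.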
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <sys/types.h>
+
+typedef struct LabelOps {
+ int (*pre)(int dir_fd, const char *path, mode_t mode);
+ int (*post)(int dir_fd, const char *path);
+} LabelOps;
+
+int label_ops_set(const LabelOps *label_ops);
+
+int label_ops_pre(int dir_fd, const char *path, mode_t mode);
+int label_ops_post(int dir_fd, const char *path);
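Review bot: The header does not state how `pre` and `post` must be paired, and the two backends added in this commit imply different rules. The SELinux `post` only calls `mac_selinux_create_file_clear()`, which presumably has to run even when the create between the two calls fails, otherwise the prepared creation context would carry over to files created later. The Smack `post` calls `mac_smack_fix_full()` on `path` and so appears to need the file to exist. A comment on `struct LabelOps` that fixes the rule, for example `/* post() must follow every successful pre(), whether or not the file was created */` if that is what is intended, would keep callers from leaking a label context or skipping the fix-up.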
'inotify-util.c',
'io-util.c',
'ioprio-util.c',
+ 'label.c',
'limits-util.c',
'locale-util.c',
'lock-util.c',
goto finish;
}
- if (mac_selinux_init() < 0) {
- error_message = "Failed to initialize SELinux support";
+ if (mac_init() < 0) {
+ error_message = "Failed to initialize MAC support";
goto finish;
}
* operate. */
capability_ambient_set_apply(0, /* also_inherit= */ false);
- if (mac_selinux_init() < 0) {
- error_message = "Failed to initialize SELinux support";
+ if (mac_init() < 0) {
+ error_message = "Failed to initialize MAC support";
goto finish;
}
}
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
if (r <= 0)
return r;
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Edit is only supported on the host machine.");
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
#include "btrfs-util.h"
#include "fs-util.h"
+#include "label.h"
#include "label-util.h"
#include "macro.h"
#include "selinux-util.h"
return mac_smack_fix(path, 0);
}
+
+int mac_init(void) {
+ int r;
+
+ assert(!(mac_selinux_use() && mac_smack_use()));
+
+ r = mac_selinux_init();
+ if (r < 0)
+ return r;
+
+ return mac_smack_init();
+}
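Review bot: The `assert(!(mac_selinux_use() && mac_smack_use()));` at the top of `mac_init()` tests the state of the running system rather than a programming invariant, so a host that reports both would abort the process instead of taking the error path that every call site changed in this commit already has. Returning an error keeps that failure handled and logged by the caller: `if (mac_selinux_use() && mac_smack_use()) return -EBUSY;`. That is also the value the second `label_ops_set()` would produce if the assert were compiled out. A short comment on `mac_init()` saying that only one backend can own the label hooks would explain the check.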
int mknod_label(const char *pathname, mode_t mode, dev_t dev);
int btrfs_subvol_make_label(const char *path);
+
+int mac_init(void);
#include "alloc-util.h"
#include "errno-util.h"
#include "fd-util.h"
+#include "label.h"
#include "log.h"
#include "macro.h"
#include "mallinfo-util.h"
: -ERRNO_VALUE(_e); \
_enforcing ? _r : 0; \
})
+
+static int mac_selinux_label_pre(int dir_fd, const char *path, mode_t mode) {
+ return mac_selinux_create_file_prepare_at(dir_fd, path, mode);
+}
+
+static int mac_selinux_label_post(int dir_fd, const char *path) {
+ mac_selinux_create_file_clear();
+ return 0;
+}
#endif
bool mac_selinux_use(void) {
int mac_selinux_init(void) {
#if HAVE_SELINUX
+ static const LabelOps label_ops = {
+ .pre = mac_selinux_label_pre,
+ .post = mac_selinux_label_post,
+ };
int r;
if (initialized)
return r;
}
+ r = label_ops_set(&label_ops);
+ if (r < 0)
+ return r;
+
/* Save the current policyload sequence number, so mac_selinux_maybe_reload() does not trigger on
* first call without any actual change. */
last_policyload = selinux_status_policyload();
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
+#include "label.h"
#include "log.h"
#include "macro.h"
#include "path-util.h"
return 0;
#endif
}
+
+static int mac_smack_label_pre(int dir_fd, const char *path, mode_t mode) {
+ return 0;
+}
+
+static int mac_smack_label_post(int dir_fd, const char *path) {
+ return mac_smack_fix_full(dir_fd, path, NULL, 0);
+}
+
+int mac_smack_init(void) {
+ static const LabelOps label_ops = {
+ .pre = mac_smack_label_pre,
+ .post = mac_smack_label_post,
+ };
+
+ if (!mac_smack_use())
+ return 0;
+
+ return label_ops_set(&label_ops);
+}
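Review bot: `mac_smack_init()` has no guard against a second call: on a Smack system it reaches `label_ops_set(&label_ops)` again, which returns `-EBUSY` because the pointer is already set, so a repeated `mac_init()` fails. The SELinux path has an `initialized` check visible in its own hunk and would not fail this way. Whether any process calls `mac_init()` more than once is not visible here, but making the call idempotent is cheap, either with a `static bool initialized` in this function or by letting `label_ops_set()` accept the same pointer again, `if (label_ops == ops) return 0;`. `mac_smack_label_pre()` returning 0 unconditionally would also benefit from a one-line comment such as `/* Smack labels are applied after creation, nothing to prepare */`.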
} SmackAttr;
bool mac_smack_use(void);
+int mac_smack_init(void);
int mac_smack_fix_full(int atfd, const char *inode_path, const char *label_path, LabelFixFlags flags);
static inline int mac_smack_fix(const char *path, LabelFixFlags flags) {
if (r < 0)
return r;
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
log_debug("version %s", GIT_VERSION);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
}
}
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
if (r <= 0)
return r;
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
/* set umask before creating any file/directory */
umask(022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;
return EXIT_FAILURE;
}
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return EXIT_FAILURE;
umask(0022);
- r = mac_selinux_init();
+ r = mac_init();
if (r < 0)
return r;