1/***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5 Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy
ccddd104 6 TORSEC group — http://security.polito.it
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
81611586 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
81611586 22#include <errno.h>
cf0fbc49 23#include <unistd.h>
81611586 24
3ffd4af2 25#include "fd-util.h"
0d39fa9c 26#include "fileio.h"
81611586 27#include "ima-setup.h"
81611586 28#include "log.h"
3ffd4af2 29#include "util.h"
30
31#define IMA_SECFS_DIR "/sys/kernel/security/ima"
32#define IMA_SECFS_POLICY IMA_SECFS_DIR "/policy"
33#define IMA_POLICY_PATH "/etc/ima/ima-policy"
34
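/* Load a custom IMA policy from IMA_POLICY_PATH into the kernel through IMA_SECFS_POLICY.
 *
 * Compiled to a no-op returning 0 unless HAVE_IMA is set. With HAVE_IMA the function
 * returns 0 without loading anything when:
 *   - IMA_SECFS_DIR does not exist (no IMA support exposed by the kernel),
 *   - IMA_SECFS_POLICY is not writable (logged as "another policy already loaded"),
 *   - IMA_POLICY_PATH does not exist,
 *   - either file cannot be opened.
 *
 * Loading is attempted in two ways: first the path of the policy file is written to the
 * kernel interface; if that write does not succeed, the file is copied into the interface
 * chunk by chunk from userspace.
 *
 * Returns 0 on success and in every "ignoring" case above. A read or write failure during
 * the copy fallback returns the value of log_error_errno() (a negative errno-style value
 * in systemd), so a policy that was only partly written is reported to the caller.
 *
 * NOTE(review): in the copy fallback the kernel receives rule text from this process instead
 * of reading the policy file itself; kernels that require a signed policy file are expected
 * to refuse that path — confirm against the target kernel configuration.
 * NOTE(review): IMA_POLICY_PATH is trusted input to PID 1; it presumably must be writable by
 * root only — verify file ownership and mode on the deployed image. */
int ima_setup(void) {
#if HAVE_IMA
        _cleanup_fclose_ FILE *input = NULL;
        _cleanup_close_ int imafd = -1;
        unsigned lineno = 0;
        char line[page_size()];

        /* The access() calls below only select which message is logged; the open() and
         * fopen() results further down are what the function actually relies on. */
        if (access(IMA_SECFS_DIR, F_OK) < 0) {
                log_debug("IMA support is disabled in the kernel, ignoring.");
                return 0;
        }

        if (access(IMA_SECFS_POLICY, W_OK) < 0) {
                log_warning("Another IMA custom policy has already been loaded, ignoring.");
                return 0;
        }

        if (access(IMA_POLICY_PATH, F_OK) < 0) {
                log_debug("No IMA custom policy file "IMA_POLICY_PATH", ignoring.");
                return 0;
        }

        imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
        if (imafd < 0) {
                log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
                return 0;
        }

        /* attempt to write the name of the policy file into sysfs file */
        if (write(imafd, IMA_POLICY_PATH, strlen(IMA_POLICY_PATH)) > 0)
                goto done;

        /* fall back to copying the policy line-by-line */
        input = fopen(IMA_POLICY_PATH, "re");
        if (!input) {
                log_warning_errno(errno, "Failed to open the IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
                return 0;
        }

        /* Reopen the interface for the copy. safe_close() returns -1, so the cleanup
         * handler never sees the stale descriptor number. */
        imafd = safe_close(imafd);

        imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
        if (imafd < 0) {
                log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
                return 0;
        }

        /* NOTE(review): each write() carries at most sizeof(line) - 1 bytes, assuming
         * FOREACH_LINE fills the fixed buffer fgets()-style; a rule longer than that would
         * reach the kernel split across two writes — confirm. */
        FOREACH_LINE(line, input,
                     return log_error_errno(errno, "Failed to read the IMA custom policy file "IMA_POLICY_PATH": %m")) {
                size_t len;

                len = strlen(line);
                lineno++;

                /* ':' separates the path from the line number; without it the number is
                 * glued onto the file name in the log ("…/ima-policy12"). */
                if (len > 0 && write(imafd, line, len) < 0)
                        return log_error_errno(errno, "Failed to load the IMA custom policy file "IMA_POLICY_PATH":%u: %m",
                                               lineno);
        }

done:
        log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
#endif /* HAVE_IMA */
        return 0;
}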