relicense to LGPLv2.1 (with exceptions)
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
c4dcdb9f 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <unistd.h>
23#include <stdio.h>
24#include <errno.h>
25#include <string.h>
26#include <stdlib.h>
27
28#ifdef HAVE_SELINUX
29#include <selinux/selinux.h>
30#endif
31
32#include "selinux-setup.h"
4ef31082 33#include "mount-setup.h"
34#include "macro.h"
35#include "util.h"
36#include "log.h"
37#include "label.h"
38
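/*
 * Load the SELinux policy and try to move this process into the label
 * computed for SYSTEMD_BINARY_PATH.
 *
 * loaded_policy: set to true only when selinux_init_load_policy() succeeded;
 *                left untouched on every other path, so the caller must
 *                initialize it.
 *
 * Returns 0 when the policy was loaded, when the current context is already
 * something other than "kernel", when loading failed but enforce is not
 * positive, and always when built without HAVE_SELINUX. Returns -EIO when
 * loading failed and selinux_init_load_policy() reported enforce > 0.
 *
 * NOTE(review): a failure to compute the init label or to setcon() into it is
 * only logged. The function still reports success and sets *loaded_policy, so
 * the process keeps its previous context (presumably "kernel") under the newly
 * loaded policy. Confirm that this best-effort behaviour is intended for
 * enforcing systems.
 */
int selinux_setup(bool *loaded_policy) {

#ifdef HAVE_SELINUX
        int enforce = 0;
        usec_t before_load, after_load;
        security_context_t con;
        int r;

        assert(loaded_policy);

        /* Make sure getcon() works, which needs /proc and /sys */
        mount_setup_early();

        /* Already initialized by somebody else? Any context other than
         * "kernel" is taken to mean a policy is already in place. */
        r = getcon_raw(&con);
        if (r == 0) {
                bool initialized;

                initialized = !streq(con, "kernel");
                freecon(con);

                if (initialized)
                        return 0;
        }

        /* Make sure we have no fds open while loading the policy and
         * transitioning */
        log_close();

        /* Now load the policy */
        before_load = now(CLOCK_MONOTONIC);
        r = selinux_init_load_policy(&enforce);

        if (r == 0) {
                char timespan[FORMAT_TIMESPAN_MAX];
                /* Start from NULL so the check below never reads an
                 * indeterminate pointer if the helper returns success
                 * without storing a label. */
                char *label = NULL;

                label_retest_selinux();

                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
                if (r < 0 || label == NULL) {
                        log_open();
                        log_error("Failed to compute init label, ignoring.");
                } else {
                        r = setcon(label);

                        /* Logging is reopened only after the transition
                         * attempt, whether or not it succeeded. */
                        log_open();
                        if (r < 0)
                                log_error("Failed to transition into init label '%s', ignoring.", label);

                        label_free(label);
                }

                after_load = now(CLOCK_MONOTONIC);

                /* Emitted even when the label transition above failed; the
                 * message refers to the policy load only. */
                log_info("Successfully loaded SELinux policy in %s.",
                         format_timespan(timespan, sizeof(timespan), after_load - before_load));

                *loaded_policy = true;

        } else {
                log_open();

                if (enforce > 0) {
                        /* Policy is required: report a hard failure. The
                         * "Freezing" is presumably done by the caller. */
                        log_error("Failed to load SELinux policy. Freezing.");
                        return -EIO;
                } else {
                        log_debug("Unable to load SELinux policy. Ignoring.");
                }
        }
#endif

        return 0;
}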