Commit | Line | Data |
---|---|---|
ffbd2c4d NC |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright (C) 2013 Intel Corporation | |
7 | Authors: | |
8 | Nathaniel Chen <nathaniel.chen@intel.com> | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
11 | under the terms of the GNU Lesser General Public License as published | |
12 | by the Free Software Foundation; either version 2.1 of the License, | |
13 | or (at your option) any later version. | |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public License | |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
22 | ***/ | |
23 | ||
24 | #include <stdio.h> | |
25 | #include <errno.h> | |
26 | #include <string.h> | |
27 | #include <unistd.h> | |
28 | #include <stdlib.h> | |
29 | #include <sys/vfs.h> | |
30 | #include <fcntl.h> | |
31 | #include <sys/types.h> | |
32 | #include <dirent.h> | |
33 | #include <sys/mount.h> | |
34 | #include <stdint.h> | |
35 | ||
36 | #include "macro.h" | |
37 | #include "smack-setup.h" | |
38 | #include "util.h" | |
39 | #include "log.h" | |
40 | #include "label.h" | |
41 | ||
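/* Directory whose entries are read as Smack access rule files and written to the kernel. */
#define ACCESSES_D_PATH "/etc/smack/accesses.d/"

/*
 * Load Smack access rules from ACCESSES_D_PATH into the kernel.
 *
 * Each directory entry is opened relative to the directory fd and copied
 * line by line into /sys/fs/smackfs/load2.
 *
 * Returns 0 on every path, as before: a missing smackfs, a missing rules
 * directory or a partially failed load never aborts the caller. Failures are
 * reported through the log only, so the log is the one place to detect an
 * incomplete mandatory-access-control policy.
 */
int smack_setup(void) {
        _cleanup_fclose_ FILE *smack = NULL;
        _cleanup_closedir_ DIR *dir = NULL;
        struct dirent *entry;
        /* NOTE(review): NAME_MAX is a file-name limit, not a rule-length limit.
         * Whether a longer rule line is split across two writes depends on
         * FOREACH_LINE (defined outside this file) -- confirm. */
        char buf[NAME_MAX];
        unsigned failures = 0;
        int dfd = -1;

        /* NOTE(review): any fopen() failure is reported as "not enabled",
         * including errors unrelated to a missing smackfs. */
        smack = fopen("/sys/fs/smackfs/load2", "we");
        if (!smack) {
                log_info("Smack is not enabled in the kernel, not loading access rules.");
                return 0;
        }

        /* write rules to load2 from every file in the directory */
        dir = opendir(ACCESSES_D_PATH);
        if (!dir) {
                log_info("Smack access rules directory not found: " ACCESSES_D_PATH);
                return 0;
        }

        dfd = dirfd(dir);
        if (dfd < 0) {
                log_error("Smack access rules directory " ACCESSES_D_PATH " not opened: %m");
                return 0;
        }

        FOREACH_DIRENT(entry, dir, return 0) {
                _cleanup_fclose_ FILE *policy = NULL;
                _cleanup_close_ int pol = -1;

                /* Open relative to the directory fd so the entry is resolved
                 * inside the directory that was actually enumerated. */
                pol = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
                if (pol < 0) {
                        log_error("Smack access rule file %s not opened: %m", entry->d_name);
                        failures++;
                        continue;
                }

                policy = fdopen(pol, "re");
                if (!policy) {
                        log_error("Smack access rule file %s not opened: %m", entry->d_name);
                        failures++;
                        continue;
                }

                /* The stream owns the descriptor now; disarm the fd cleanup
                 * so it is not closed a second time. */
                pol = -1;

                /* load2 write rules in the kernel require a line buffered stream,
                 * hence the flush after every line. */
                FOREACH_LINE(buf, policy, log_error("Failed to read from Smack access rule file %s: %m", entry->d_name)) {
                        int written, flushed;

                        /* Check both results: an unchecked failure here would
                         * leave a rule out of the loaded policy without any
                         * trace in the log. */
                        written = fputs(buf, smack);
                        flushed = fflush(smack);
                        if (written == EOF || flushed == EOF) {
                                log_error("Failed to write Smack access rule from %s: %m", entry->d_name);
                                failures++;
                        }
                }
        }

        /* Only claim success when every file was opened and every rule written. */
        if (failures > 0)
                log_error("Smack policy load finished with %u error(s), loaded policy may be incomplete.", failures);
        else
                log_info("Successfully loaded Smack policies.");

        return 0;
}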