[thirdparty/systemd.git] / src / core / smack-setup.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright (C) 2013 Intel Corporation
  Authors:
        Nathaniel Chen <nathaniel.chen@intel.com>

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published
  by the Free Software Foundation; either version 2.1 of the License,
  or (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/vfs.h>
#include <fcntl.h>
#include <sys/types.h>
#include <dirent.h>
#include <sys/mount.h>
#include <stdint.h>

#include "macro.h"
#include "smack-setup.h"
#include "util.h"
#include "log.h"
#include "label.h"

#define ACCESSES_D_PATH "/etc/smack/accesses.d/"

int smack_setup(void) {
        _cleanup_fclose_ FILE *smack = NULL;
        _cleanup_closedir_ DIR *dir = NULL;
        struct dirent *entry;
        char buf[NAME_MAX];
        int dfd = -1;

        smack = fopen("/sys/fs/smackfs/load2", "we");
        if (!smack)  {
                log_info("Smack is not enabled in the kernel, not loading access rules.");
                return 0;
        }

        /* write rules to load2 from every file in the directory */
        dir = opendir(ACCESSES_D_PATH);
        if (!dir) {
                log_info("Smack access rules directory not found: " ACCESSES_D_PATH);
                return 0;
        }

        dfd = dirfd(dir);
        if (dfd < 0) {
                log_error("Smack access rules directory " ACCESSES_D_PATH " not opened: %m");
                return 0;
        }

        FOREACH_DIRENT(entry, dir, return 0) {
                _cleanup_fclose_ FILE *policy = NULL;
                _cleanup_close_ int pol = -1;

                pol = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
                if (pol < 0) {
                        log_error("Smack access rule file %s not opened: %m", entry->d_name);
                        continue;
                }

                policy = fdopen(pol, "re");
                if (!policy) {
                        log_error("Smack access rule file %s not opened: %m", entry->d_name);
                        continue;
                }

                pol = -1;

                /* load2 write rules in the kernel require a line buffered stream */
                FOREACH_LINE(buf, policy, log_error("Failed to read from Smack access rule file %s: %m", entry->d_name)) {
                        fputs(buf, smack);
                        fflush(smack);
                }
        }

        log_info("Successfully loaded Smack policies.");

        return 0;
}
Commit	Line	Data
ffbd2c4d NC	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright (C) 2013 Intel Corporation
	7	Authors:
	8	Nathaniel Chen <nathaniel.chen@intel.com>
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published
	12	by the Free Software Foundation; either version 2.1 of the License,
	13	or (at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
	24	#include <stdio.h>
	25	#include <errno.h>
	26	#include <string.h>
	27	#include <unistd.h>
	28	#include <stdlib.h>
	29	#include <sys/vfs.h>
	30	#include <fcntl.h>
	31	#include <sys/types.h>
	32	#include <dirent.h>
	33	#include <sys/mount.h>
	34	#include <stdint.h>
	35
	36	#include "macro.h"
	37	#include "smack-setup.h"
	38	#include "util.h"
	39	#include "log.h"
	40	#include "label.h"
	41
	42	#define ACCESSES_D_PATH "/etc/smack/accesses.d/"
	43
	44	int smack_setup(void) {
	45	_cleanup_fclose_ FILE *smack = NULL;
	46	_cleanup_closedir_ DIR *dir = NULL;
	47	struct dirent *entry;
	48	char buf[NAME_MAX];
	49	int dfd = -1;
	50
	51	smack = fopen("/sys/fs/smackfs/load2", "we");
	52	if (!smack) {
	53	log_info("Smack is not enabled in the kernel, not loading access rules.");
	54	return 0;
	55	}
	56
	57	/* write rules to load2 from every file in the directory */
	58	dir = opendir(ACCESSES_D_PATH);
	59	if (!dir) {
	60	log_info("Smack access rules directory not found: " ACCESSES_D_PATH);
	61	return 0;
	62	}
	63
	64	dfd = dirfd(dir);
65	if (dfd < 0) {
66	log_error("Smack access rules directory " ACCESSES_D_PATH " not opened: %m");
67	return 0;
68	}
69
70	FOREACH_DIRENT(entry, dir, return 0) {
71	_cleanup_fclose_ FILE *policy = NULL;
72	_cleanup_close_ int pol = -1;
73
74	pol = openat(dfd, entry->d_name, O_RDONLY\|O_CLOEXEC);
75	if (pol < 0) {
76	log_error("Smack access rule file %s not opened: %m", entry->d_name);
77	continue;
78	}
79
80	policy = fdopen(pol, "re");
81	if (!policy) {
82	log_error("Smack access rule file %s not opened: %m", entry->d_name);
83	continue;
84	}
85
86	pol = -1;
87
88	/* load2 write rules in the kernel require a line buffered stream */
89	FOREACH_LINE(buf, policy, log_error("Failed to read from Smack access rule file %s: %m", entry->d_name)) {
90	fputs(buf, smack);
91	fflush(smack);
92	}
93	}
94
95	log_info("Successfully loaded Smack policies.");
96
97	return 0;
98	}