projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| c4dcdb9f LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
| 2 | ||
| 3 | /*** | |
| 4 | This file is part of systemd. | |
| 5 | ||
| 6 | Copyright 2010 Lennart Poettering | |
| 7 | ||
| 8 | systemd is free software; you can redistribute it and/or modify it | |
| 9 | under the terms of the GNU General Public License as published by | |
| 10 | the Free Software Foundation; either version 2 of the License, or | |
| 11 | (at your option) any later version. | |
| 12 | ||
| 13 | systemd is distributed in the hope that it will be useful, but | |
| 14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 16 | General Public License for more details. | |
| 17 | ||
| 18 | You should have received a copy of the GNU General Public License | |
| 19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
| 20 | ***/ | |
| 21 | ||
| 22 | #include <unistd.h> | |
| 23 | #include <stdio.h> | |
| 24 | #include <errno.h> | |
| 25 | #include <string.h> | |
| 26 | #include <stdlib.h> | |
| 27 | ||
| 28 | #ifdef HAVE_SELINUX | |
| 29 | #include <selinux/selinux.h> | |
| 30 | #endif | |
| 31 | ||
| 32 | #include "selinux-setup.h" | |
| 33 | #include "macro.h" | |
| 34 | #include "util.h" | |
| 35 | #include "log.h" | |
| 36 | ||
| 37 | int selinux_setup(char *const argv[]) { | |
| 38 | #ifdef HAVE_SELINUX | |
| 39 | int enforce = 0; | |
| 40 | ||
| 41 | /* Already initialized? */ | |
| ef9d7dca MS |
42 | if (path_is_mount_point("/sys/fs/selinux") > 0 || |
| 43 | path_is_mount_point("/selinux") > 0) | |
| c4dcdb9f LP |
44 | return 0; |
| 45 | ||
| 1829dc9d | 46 | /* Before we load the policy we create a flag file to ensure |
| 3bbecb2f LP |
47 | * that after the reexec we iterate through /run and /dev to |
| 48 | * relabel things. */ | |
| 49 | touch("/dev/.systemd-relabel-run-dev"); | |
| 1829dc9d | 50 | |
| c4dcdb9f | 51 | if (selinux_init_load_policy(&enforce) == 0) { |
| 1829dc9d | 52 | log_debug("Successfully loaded SELinux policy, reexecuting."); |
| c4dcdb9f LP |
53 | |
| 54 | /* FIXME: Ideally we'd just call setcon() here instead | |
| 55 | * of having to reexecute ourselves here. */ | |
| 56 | ||
| 57 | execv(SYSTEMD_BINARY_PATH, argv); | |
| 58 | log_error("Failed to reexecute: %m"); | |
| 59 | return -errno; | |
| 60 | ||
| 61 | } else { | |
| 2e60ecb2 | 62 | log_full(enforce > 0 ? LOG_ERR : LOG_WARNING, "Failed to load SELinux policy."); |
| c4dcdb9f | 63 | |
| 3bbecb2f | 64 | unlink("/dev/.systemd-relabel-run-dev"); |
| 1829dc9d | 65 | |
| c4dcdb9f LP |
66 | if (enforce > 0) |
| 67 | return -EIO; | |
| 68 | } | |
| 69 | #endif | |
| 70 | ||
| 71 | return 0; | |
| 72 | } |