authorColin Walters <walters@verbum.org>2017-03-20 20:51:22 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2017-03-22 16:24:06 +0000
commit7b2370dc869ce5ba76769853ef7fd0b081b15010 (patch)
tree0cfa81ee2fdce314e3edcd5e5facf5247297e21a
parentd7f4a326b98cb1bfe3fb939348620013e1ec5a9b (diff)
downloadostree-7b2370dc869ce5ba76769853ef7fd0b081b15010.tar.gz
sepolicy: Add better private API for setfscreatecon
Use `g_auto()` more sanely with a struct implementing the "is initialized" pattern. This is way less ugly for callers, and fixes bugs like us calling `setfscreatecon()` even if an error occurred beforehand. Also fold in the logic for "NULL or not loaded" sepolicy into the setup rather than requiring callers to inline it. Prep for more users of this function. Closes: #746 Approved by: jlebon
-rw-r--r--src/libostree/ostree-sepolicy-private.h41
-rw-r--r--src/libostree/ostree-sepolicy.c29
-rw-r--r--src/libostree/ostree-sysroot-deploy.c44
3 files changed, 83 insertions, 31 deletions
diff --git a/src/libostree/ostree-sepolicy-private.h b/src/libostree/ostree-sepolicy-private.h
new file mode 100644
index 00000000..55d49eaf
--- /dev/null
+++ b/src/libostree/ostree-sepolicy-private.h
@@ -0,0 +1,41 @@
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
+ *
+ * Copyright (C) 2017 Colin Walters <walters@verbum.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#pragma once
+
+#include "ostree-types.h"
+
+G_BEGIN_DECLS
+
+typedef struct {
+ gboolean initialized;
+} OstreeSepolicyFsCreatecon;
+
+void _ostree_sepolicy_fscreatecon_clear (OstreeSepolicyFsCreatecon *con);
+G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(OstreeSepolicyFsCreatecon, _ostree_sepolicy_fscreatecon_clear)
+
+gboolean _ostree_sepolicy_preparefscreatecon (OstreeSepolicyFsCreatecon *con,
+ OstreeSePolicy *self,
+ const char *path,
+ guint32 mode,
+ GError **error);
+
+
+G_END_DECLS
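Review bot: `OstreeSepolicyFsCreatecon` and the two prototypes carry no comment stating the contract, and the contract is not obvious from the header. The g_auto() cleanup reads `con->initialized` at scope exit even when `_ostree_sepolicy_preparefscreatecon` was never reached, so the struct must be zero-initialized at declaration, as both call sites in ostree-sysroot-deploy.c do with `{ 0, }`. I would add above the typedef something like `/* Must be declared as g_auto(OstreeSepolicyFsCreatecon) con = { 0, }; the creation context is reset when con goes out of scope. */`. The prototype comment should also say that a NULL or unloaded policy is a successful no-op.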
diff --git a/src/libostree/ostree-sepolicy.c b/src/libostree/ostree-sepolicy.c
index 833583da..ea4e46b1 100644
--- a/src/libostree/ostree-sepolicy.c
+++ b/src/libostree/ostree-sepolicy.c
@@ -28,6 +28,7 @@
#include "otutil.h"
#include "ostree-sepolicy.h"
+#include "ostree-sepolicy-private.h"
#include "ostree-bootloader-uboot.h"
#include "ostree-bootloader-syslinux.h"
@@ -690,3 +691,31 @@ ostree_sepolicy_fscreatecon_cleanup (void **unused)
setfscreatecon (NULL);
#endif
}
+
+/* Currently private copy of the older sepolicy/fscreatecon API with a nicer
+ * g_auto() cleanup. May be made public later.
+ */
+gboolean
+_ostree_sepolicy_preparefscreatecon (OstreeSepolicyFsCreatecon *con,
+ OstreeSePolicy *self,
+ const char *path,
+ guint32 mode,
+ GError **error)
+{
+ if (!self || ostree_sepolicy_get_name (self) == NULL)
+ return TRUE;
+
+ if (!ostree_sepolicy_setfscreatecon (self, path, mode, error))
+ return FALSE;
+
+ con->initialized = TRUE;
+ return TRUE;
+}
+
+void
+_ostree_sepolicy_fscreatecon_clear (OstreeSepolicyFsCreatecon *con)
+{
+ if (!con->initialized)
+ return;
+ ostree_sepolicy_fscreatecon_cleanup (NULL);
+}
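Review bot: `_ostree_sepolicy_fscreatecon_clear` leaves `con->initialized` set after it runs, so an explicit clear followed by the g_auto() scope exit performs the reset twice; adding `con->initialized = FALSE;` after the cleanup call makes it idempotent. The cleanup it delegates to appears, from the context lines at the top of this hunk, to call `setfscreatecon (NULL)`, which restores the default creation context rather than any previously set one. Two of these guards in nested scopes on the same thread would therefore leave the outer scope unlabeled after the inner one exits, and a short comment on the function should say that nesting is not supported. The header comment on `_ostree_sepolicy_preparefscreatecon` should also mention that it returns TRUE without setting a context when `self` is NULL or has no name.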
diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
index 6bf01a16..45707fe7 100644
--- a/src/libostree/ostree-sysroot-deploy.c
+++ b/src/libostree/ostree-sysroot-deploy.c
@@ -30,6 +30,7 @@
#endif
#include "ostree-sysroot-private.h"
+#include "ostree-sepolicy-private.h"
#include "ostree-deployment-private.h"
#include "ostree-core-private.h"
#include "ostree-linuxfsutil.h"
@@ -733,21 +734,13 @@ selinux_relabel_var_if_needed (OstreeSysroot *sysroot,
return FALSE;
}
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-variable"
- { ostree_cleanup_sepolicy_fscreatecon gpointer dummy = NULL;
-#pragma GCC diagnostic pop
-
- if (sysroot->sepolicy != NULL
- && ostree_sepolicy_get_name (sysroot->sepolicy) != NULL)
- {
- const char *selabeled_abspath = glnx_strjoina ("/", selabeled);
- if (!ostree_sepolicy_setfscreatecon (sysroot->sepolicy,
- selabeled_abspath,
- 0644,
- error))
- return FALSE;
- }
+ { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
+ const char *selabeled_abspath = glnx_strjoina ("/", selabeled);
+
+ if (!_ostree_sepolicy_preparefscreatecon (&con, sysroot->sepolicy,
+ selabeled_abspath,
+ 0644, error))
+ return FALSE;
if (!glnx_file_replace_contents_at (os_deploy_dfd, selabeled, (guint8*)"", 0,
GLNX_FILE_REPLACE_DATASYNC_NEW,
@@ -2112,23 +2105,12 @@ ostree_sysroot_deploy_tree (OstreeSysroot *self,
return FALSE;
}
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunused-variable"
- { ostree_cleanup_sepolicy_fscreatecon gpointer dummy = NULL;
-#pragma GCC diagnostic pop
+ { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
- /* Explicitly override the label for the origin file to ensure
- * it's system_conf_t.
- */
- if (self->sepolicy != NULL
- && ostree_sepolicy_get_name (self->sepolicy) != NULL)
- {
- if (!ostree_sepolicy_setfscreatecon (self->sepolicy,
- "/etc/ostree/remotes.d/dummy.conf",
- 0644,
- error))
- return FALSE;
- }
+ if (!_ostree_sepolicy_preparefscreatecon (&con, self->sepolicy,
+ "/etc/ostree/remotes.d/dummy.conf",
+ 0644, error))
+ return FALSE;
/* Don't fsync here, as we assume that's all done in
* ostree_sysroot_write_deployments().
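Review bot: The rewrite drops the comment that explained why `"/etc/ostree/remotes.d/dummy.conf"` is passed here, leaving the placeholder path unexplained at the `_ostree_sepolicy_preparefscreatecon` call. Since the label chosen for the origin file is the security-relevant part of this block, I would restore it above the call: `/* Explicitly override the label for the origin file to ensure it's system_conf_t. */`. The enclosing block and the trailing comment continue outside the hunk, so where `con` goes out of scope is not visible from here.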