summaryrefslogtreecommitdiff
path: root/src/core/smack-setup.c
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: use -EBADF for fd initializationZbigniew Jędrzejewski-Szmek2022-12-191-6/+6
| | | | | | | | | | | | | | | | -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style. Note that there are two candidates: EBADF 9 Bad file descriptor EBADFD 77 File descriptor in bad state Since we're initializating the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better. In some places, initialization is dropped if unnecessary.
* basic: rename util.h to logarithm.hZbigniew Jędrzejewski-Szmek2022-11-081-1/+0
| | | | | util.h is now about logarithms only, so we can rename it. Many files included util.h for no apparent reason… Those includes are dropped.
* tree-wide: add a space after if, switch, for, and whileYu Watanabe2022-04-011-4/+4
|
* Define FOREACH_DIRENT through FOREACH_DIRENT_ALLZbigniew Jędrzejewski-Szmek2021-12-151-3/+0
| | | | As in the previous commit, 'de' is used as the iterator variable name.
* meson: ignore -Dsmack-run-label= if -Dsmack=falseZbigniew Jędrzejewski-Szmek2021-09-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Compilation would fail because we could have HAVE_SMACK_RUN_LABEL without HAVE_SMACK. This doesn't make much sense, so let's just make -Dsmack=false completely disable smack. Also, the logic in smack-setup.c seems dubious: '#ifdef SMACK_RUN_LABEL' would evaluate to true even if -Dsmack-run-label='' is used. I think this was introduced in the conversion to meson: 8b197c3a8a57c3f7c231b39e5660856fd9580c80 added AC_ARG_WITH(smack-run-label, AS_HELP_STRING([--with-smack-run-label=STRING], [run systemd --system with a specific SMACK label]), [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run with a smack label])], []) i.e. it really was undefined if not specified. And it was same still in 72cdb3e783174dcf9223a49f03e3b0e2ca95ddb8 when configure.ac was dropped. So let's use the single conditional HAVE_SMACK_RUN_LABEL everywhere.
* dirent-util: use readdir_ensure_type() in readdir_no_dot() and FOREACH_DIRENT()Yu Watanabe2021-06-241-2/+0
|
* alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()Lennart Poettering2021-05-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | We recently started making more use of malloc_usable_size() and rely on it (see the string_erase() story). Given that we don't really support sytems where malloc_usable_size() cannot be trusted beyond statistics anyway, let's go fully in and rework GREEDY_REALLOC() on top of it: instead of passing around and maintaining the currenly allocated size everywhere, let's just derive it automatically from malloc_usable_size(). I am mostly after this for the simplicity this brings. It also brings minor efficiency improvements I guess, but things become so much nicer to look at if we can avoid these allocation size variables everywhere. Note that the malloc_usable_size() man page says relying on it wasn't "good programming practice", but I think it does this for reasons that don't apply here: the greedy realloc logic specifically doesn't rely on the returned extra size, beyond the fact that it is equal or larger than what was requested. (This commit was supposed to be a quick patch btw, but apparently we use the greedy realloc stuff quite a bit across the codebase, so this ends up touching *a*lot* of code.)
* core: use SYNTHETIC_ERRNO() macroYu Watanabe2020-11-271-2/+1
|
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* tree-wide: drop dirent.h when dirent-util.h is includedYu Watanabe2019-11-041-1/+0
|
* tree-wide: drop string.h when string-util.h or friends are includedYu Watanabe2019-11-041-1/+0
|
* Handle d_type == DT_UNKNOWN correctlyMichael Olbrich2019-09-301-0/+2
| | | | | | | | | | | | | As documented in the man-page, readdir() may return a directory entry with d_type == DT_UNKNOWN. This must be handled for regular filesystems. dirent_ensure_type() is available to set d_type if necessary. Use it in some more places. Without this systemd will fail to boot correctly with nfsroot and some other filesystems. Closes #13609
* Add open_memstream_unlocked() wrapperZbigniew Jędrzejewski-Szmek2019-04-121-1/+0
|
* core/smack-setup: add helper function for openat+fdopenZbigniew Jędrzejewski-Szmek2019-04-121-59/+34
| | | | | | | | Unlocked operations are used in all three places. I don't see why just one was special. This also improves logging, since we don't just log the final component of the path, but the full name.
* headers: remove unneeded includes from util.hZbigniew Jędrzejewski-Szmek2019-03-271-0/+1
| | | | | This means we need to include many more headers in various files that simply included util.h before, but it seems cleaner to do it this way.
* tree-wide: Remove O_CLOEXEC from fdopenChris Down2018-12-121-3/+3
| | | | | | | | | | | | fdopen doesn't accept "e", it's ignored. Let's not mislead people into believing that it actually sets O_CLOEXEC. From `man 3 fdopen`: > e (since glibc 2.7): > Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen() As mentioned by @jlebon in #11131.
* Move LONG_LINE_MAX definition to fileio.hZbigniew Jędrzejewski-Szmek2018-11-141-1/+0
| | | | | | | | | | | All users of the macro (except for one, in serialize.c), use the macro in connection with read_line(), so they must include fileio.h. Let's not play libc games and require multiple header file to be included for the most common use of a function. The removal of def.h includes is not exact. I mostly went over the commits that switch over to use read_line() and add def.h at the same time and reverted the addition of def.h in those files.
* tree-wide: set WRITE_STRING_FILE_DISABLE_BUFFER flag when we write files ↵Yu Watanabe2018-11-061-4/+4
| | | | under /proc or /sys
* core: include error cause in log messageYu Watanabe2018-10-201-4/+4
|
* smack-setup: include error cause in log messageLennart Poettering2018-10-181-4/+5
|
* smcak-setup: FOREACH_LINE excorcismLennart Poettering2018-10-181-18/+37
|
* tree-wide: use proper unicode © instead of (C) where we canLennart Poettering2018-06-141-1/+1
| | | | | | Let's use a proper unicode copyright symbol where we can, it's prettier. This important patch is very important.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* tree-wide: use __fsetlocking() instead of fxyz_unlocked()Lennart Poettering2017-12-141-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f, FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*, instead of doing individual per-call decision whether to use normal calls or _unlocked() calls. This has various benefits: 1. It's easier to read and easier not to forget 2. It's more comprehensive, as fprintf() and friends are covered too (as these functions have no _unlocked() counterpart) 3. Philosophically, it's a bit more correct, because it's more a property of the file handle really whether we ever pass it on to another thread, not of the operations we then apply to it. This patch reworks all pieces of codes that so far used fxyz_unlocked() calls to use __fsetlocking() instead. It also reworks all places that use open_memstream(), i.e. use stdio FILE* for string manipulations. Note that this in some way a revert of 4b61c8751135c58be043d86b9fef4c8ec7aadf18.
* smack: allow comments on smack rules (#7438)WaLyong Cho2017-11-231-2/+2
|
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* build-sys: s/HAVE_SMACK/ENABLE_SMACK/Zbigniew Jędrzejewski-Szmek2017-10-041-2/+2
| | | | Same justification as for HAVE_UTMP.
* build-sys: use #if Y instead of #ifdef Y everywhereZbigniew Jędrzejewski-Szmek2017-10-041-2/+2
| | | | | | | | | | | | | | | The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
* tree-wide: fput[cs]() → fput[cs]_unlocked() wherever that makes sense (#6396)Lennart Poettering2017-07-211-1/+1
| | | | | | | | As a follow-up for db3f45e2d2586d78f942a43e661415bc50716d11 let's do the same for all other cases where we create a FILE* with local scope and know that no other threads hence can have access to it. For most cases this shouldn't change much really, but this should speed dbus introspection and calender time formatting up a bit.
* smack: handling smack onlycap list (#5542)WaLyong Cho2017-06-261-0/+64
| | | | | | | | To support smack onlycap, read onlycap list from /etc/smack/onlycap and write to /sys/fs/smackfs/onlycap. https://lwn.net/Articles/292128/ http://lkml.iu.edu/hypermail/linux/kernel/1505.2/04718.html http://schaufler-ca.com/description_from_the_linux_source_tree
* tree-wide: indentation fixesThomas Hindoe Paaboel Andersen2016-02-261-1/+1
|
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* smack: Handling networkCasey Schaufler2016-01-111-3/+98
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Set Smack ambient to match run label - Set Smack netlabel host rules Set Smack ambient to match run label ------------------------------------ Set the Smack networking ambient label to match the run label of systemd. System services may expect to communicate with external services over IP. Setting the ambient label assigns that label to IP packets that do not include CIPSO headers. This allows systemd and the services it spawns access to unlabeled IP packets, and hence external services. A system may choose to restrict network access to particular services later in the startup process. This is easily done by resetting the ambient label elsewhere. Set Smack netlabel host rules ----------------------------- If SMACK_RUN_LABEL is defined set all other hosts to be single label hosts at the specified label. Set the loopback address to be a CIPSO host. If any netlabel host rules are defined in /etc/smack/netlabel.d install them into the smackfs netlabel interface. [Patrick Ohly: copied from https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commit;h=db4f6c9a074644aa2bf] [Patrick Ohly: adapt to write_string_file() change in "fileio: consolidate write_string_file*()"] [Patrick Ohly: create write_netlabel_rules() based on the original write_rules() that was removed in "smack: support smack access change-rule"] [Patrick Ohly: adapted to upstream code review feedback: error logging, string constants]
* util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering2015-10-271-0/+1
|
* util-lib: introduce dirent-util.[ch] for directory entry callsLennart Poettering2015-10-271-0/+1
| | | | Also, move a couple of more path-related functions to path-util.c.
* util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering2015-10-251-1/+2
| | | | | There are more than enough to deserve their own .c file, hence move them over.
* util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering2015-10-241-7/+8
| | | | | | | | | | | | | | string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
* tree-wide: add missing errno arguments to log_*_errno()Michal Schmidt2015-10-011-1/+1
| | | | | | | | A few of the recent conversions to log_*_errno() were missing the errno value arguments. Fixes: e53fc357a9b "tree-wide: remove a number of invocations of strerror() and replace by %m"
* tree-wide: remove a number of invocations of strerror() and replace by %mLennart Poettering2015-09-301-6/+3
| | | | | Let's clean up our tree a bit, and reduce invocations of the thread-unsafe strerror() by replacing it with printf()'s %m specifier.
* fileio: consolidate write_string_file*()Daniel Mack2015-07-061-1/+1
| | | | | | | Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.
* smack: support smack access change-ruleWaLyong Cho2015-06-221-25/+110
| | | | | | | | | | | | | | | | | | | | | | | Smack is also able to have modification rules of existing rules. In this case, the rule has additional argument to modify previous rule. /sys/fs/smackfs/load2 node can only take three arguments: subject object access. So if modification rules are written to /sys/fs/smackfs/load2, EINVAL error is happen. Those modification rules have to be written to /sys/fs/smackfs/change-rule. To distinguish access with operation of cipso2, split write_rules() for each operation. And, in write access rules, parse the rule and if the rule has four argument then write into /sys/fs/smackfs/change-rule. https://lwn.net/Articles/532340/ fwrite() or fputs() are fancy functions to write byte stream such like regular file. But special files on linux such like proc, sysfs are not stream of bytes. Those special files on linux have to be written with specific size. By this reason, in some of many case, fputs() was failed to write buffer to smack load2 node. The write operation for the smack nodes should be performed with write().
* remove unused includesThomas Hindoe Paaboel Andersen2015-02-231-6/+0
| | | | | | This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
* treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt2014-11-281-6/+6
| | | | | | | | | | | If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
* mac: add mac_ prefix to distinguish origin security apisWaLyong Cho2014-10-281-1/+1
|
* core: smack-setup: Actually allow for succesfully loading CIPSO policyPhilippe De Swert2014-09-131-1/+1
| | | | | | | | The line under the last switch statement *loaded_policy = true; would never be executed. As all switch cases return 0. Thus the policy would never be marked as loaded. Found with Coverity. Fixes: CID#1237785
* util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering2014-03-181-1/+1
| | | | | | | | | | | | | | | safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
* smack: set loaded_policy in smack_setup()Łukasz Stelmach2014-02-241-1/+5
| | | | With loaded_policy set to true mount_setup() relabels /dev properly.
* Run with a custom SMACK domain (label).Auke Kok2013-10-071-0/+8
| | | | | | | | | | | Allows the systemd --system process to change its current SMACK label to a predefined custom label (usually "system") at boot time. This is needed to have a few system-generated folders and sockets automatically be created with the right SMACK label. Without that, processes either cannot communicate with systemd or systemd fails to perform some actions.
* smack-setup: fix path to Smack/CIPSO mappingsPatrick McCarty2013-10-011-1/+1
| | | | | | The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/; /etc/smack/cipso is a file that can include these mappings as well, though it is no longer supported in upstream libsmack.
View Lorry Controller Status