Diffstat (limited to 'src/core/smack-setup.c')
-rw-r--r--src/core/smack-setup.c85
1 files changed, 52 insertions, 33 deletions
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 50115c0454..49b37aefc7 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -29,7 +29,6 @@ static int write_access2_rules(const char* srcdir) {
_cleanup_close_ int load2_fd = -1, change_fd = -1;
_cleanup_closedir_ DIR *dir = NULL;
struct dirent *entry;
- char buf[NAME_MAX];
int dfd = -1;
int r = 0;
@@ -73,7 +72,7 @@ static int write_access2_rules(const char* srcdir) {
continue;
}
- policy = fdopen(fd, "re");
+ policy = fdopen(fd, "r");
if (!policy) {
if (r == 0)
r = -errno;
@@ -83,13 +82,17 @@ static int write_access2_rules(const char* srcdir) {
}
/* load2 write rules in the kernel require a line buffered stream */
- FOREACH_LINE(buf, policy,
- log_error_errno(errno, "Failed to read line from '%s': %m",
- entry->d_name)) {
+ for (;;) {
+ _cleanup_free_ char *buf = NULL, *sbj = NULL, *obj = NULL, *acc1 = NULL, *acc2 = NULL;
+ int q;
- _cleanup_free_ char *sbj = NULL, *obj = NULL, *acc1 = NULL, *acc2 = NULL;
+ q = read_line(policy, NAME_MAX, &buf);
+ if (q < 0)
+ return log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name);
+ if (q == 0)
+ break;
- if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+ if (isempty(buf) || strchr(COMMENTS, buf[0]))
continue;
/* if 3 args -> load rule : subject object access1 */
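Review bot: A read error now leaves write_access2_rules() at once via `return log_error_errno(q, ...)`, while every other failure in this loop stores the first error in `r` and keeps going, so one unreadable line in a single policy file stops all later files in the directory from being loaded. The FOREACH_LINE() form it replaces took only a logging expression as its error action, so it presumably did not return at this point. Consider `if (q < 0) { log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name); if (r == 0) r = q; break; }`; the same applies to the read_line() calls in the write_cipso2_rules() and write_netlabel_rules() hunks. If read_line() fails on lines longer than the NAME_MAX limit rather than splitting them, an over-long rule line is enough to trigger this path, so it is worth deciding whether that limit suits Smack rule lines. The function body starts and ends outside the hunk.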
@@ -102,7 +105,7 @@ static int write_access2_rules(const char* srcdir) {
if (write(isempty(acc2) ? load2_fd : change_fd, buf, strlen(buf)) < 0) {
if (r == 0)
r = -errno;
- log_error_errno(errno, "Failed to write '%s' to '%s' in '%s'",
+ log_error_errno(errno, "Failed to write '%s' to '%s' in '%s': %m",
buf, isempty(acc2) ? "/sys/fs/smackfs/load2" : "/sys/fs/smackfs/change-rule", entry->d_name);
}
}
@@ -115,7 +118,6 @@ static int write_cipso2_rules(const char* srcdir) {
_cleanup_close_ int cipso2_fd = -1;
_cleanup_closedir_ DIR *dir = NULL;
struct dirent *entry;
- char buf[NAME_MAX];
int dfd = -1;
int r = 0;
@@ -152,7 +154,7 @@ static int write_cipso2_rules(const char* srcdir) {
continue;
}
- policy = fdopen(fd, "re");
+ policy = fdopen(fd, "r");
if (!policy) {
if (r == 0)
r = -errno;
@@ -162,17 +164,23 @@ static int write_cipso2_rules(const char* srcdir) {
}
/* cipso2 write rules in the kernel require a line buffered stream */
- FOREACH_LINE(buf, policy,
- log_error_errno(errno, "Failed to read line from '%s': %m",
- entry->d_name)) {
+ for (;;) {
+ _cleanup_free_ char *buf = NULL;
+ int q;
+
+ q = read_line(policy, NAME_MAX, &buf);
+ if (q < 0)
+ return log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name);
+ if (q == 0)
+ break;
- if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+ if (isempty(buf) || strchr(COMMENTS, buf[0]))
continue;
if (write(cipso2_fd, buf, strlen(buf)) < 0) {
if (r == 0)
r = -errno;
- log_error_errno(errno, "Failed to write '%s' to '/sys/fs/smackfs/cipso2' in '%s'",
+ log_error_errno(errno, "Failed to write '%s' to '/sys/fs/smackfs/cipso2' in '%s': %m",
buf, entry->d_name);
break;
}
@@ -186,7 +194,6 @@ static int write_netlabel_rules(const char* srcdir) {
_cleanup_fclose_ FILE *dst = NULL;
_cleanup_closedir_ DIR *dir = NULL;
struct dirent *entry;
- char buf[NAME_MAX];
int dfd = -1;
int r = 0;
@@ -220,7 +227,7 @@ static int write_netlabel_rules(const char* srcdir) {
continue;
}
- policy = fdopen(fd, "re");
+ policy = fdopen(fd, "r");
if (!policy) {
if (r == 0)
r = -errno;
@@ -232,15 +239,20 @@ static int write_netlabel_rules(const char* srcdir) {
(void) __fsetlocking(policy, FSETLOCKING_BYCALLER);
/* load2 write rules in the kernel require a line buffered stream */
- FOREACH_LINE(buf, policy,
- log_error_errno(errno, "Failed to read line from %s: %m", entry->d_name)) {
-
+ for (;;) {
+ _cleanup_free_ char *buf = NULL;
int q;
+ q = read_line(policy, NAME_MAX, &buf);
+ if (q < 0)
+ return log_error_errno(q, "Failed to read line from %s: %m", entry->d_name);
+ if (q == 0)
+ break;
+
if (!fputs(buf, dst)) {
if (r == 0)
r = -EINVAL;
- log_error_errno(errno, "Failed to write line to /sys/fs/smackfs/netlabel");
+ log_error_errno(errno, "Failed to write line to /sys/fs/smackfs/netlabel: %m");
break;
}
q = fflush_and_check(dst);
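Review bot: The context line `if (!fputs(buf, dst))` never fires on failure, because fputs() returns EOF on error and a non-negative value on success; the branch whose message this hunk edits is effectively dead, and a failed write is only noticed by the fflush_and_check() that follows. The test should be `if (fputs(buf, dst) == EOF)`. Separately, the sibling hunks drop truncate_nl() after switching to read_line(), which suggests read_line() strips the newline, whereas the old loop here passed each line on with its newline. Confirm that smackfs accepts a netlabel rule without the trailing newline, and that empty or comment lines, which this loop does not skip, are harmless. The function continues outside the hunk.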
@@ -261,20 +273,27 @@ static int write_onlycap_list(void) {
_cleanup_free_ char *list = NULL;
_cleanup_fclose_ FILE *f = NULL;
size_t len = 0, allocated = 0;
- char buf[LINE_MAX];
int r;
f = fopen("/etc/smack/onlycap", "re");
if (!f) {
if (errno != ENOENT)
- log_warning_errno(errno, "Failed to read '/etc/smack/onlycap'");
+ log_warning_errno(errno, "Failed to read '/etc/smack/onlycap': %m");
+
return errno == ENOENT ? ENOENT : -errno;
}
- FOREACH_LINE(buf, f, return -errno) {
+ for (;;) {
+ _cleanup_free_ char *buf = NULL;
size_t l;
- if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+ r = read_line(f, LONG_LINE_MAX, &buf);
+ if (r < 0)
+ return log_error_errno(r, "Failed to read line from /etc/smack/onlycap: %m");
+ if (r == 0)
+ break;
+
+ if (isempty(buf) || strchr(COMMENTS, *buf))
continue;
l = strlen(buf);
@@ -285,7 +304,7 @@ static int write_onlycap_list(void) {
len += l + 1;
}
- if (!len)
+ if (len == 0)
return 0;
list[len - 1] = 0;
@@ -293,13 +312,13 @@ static int write_onlycap_list(void) {
onlycap_fd = open("/sys/fs/smackfs/onlycap", O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (onlycap_fd < 0) {
if (errno != ENOENT)
- log_warning_errno(errno, "Failed to open '/sys/fs/smackfs/onlycap'");
+ log_warning_errno(errno, "Failed to open '/sys/fs/smackfs/onlycap': %m");
return -errno; /* negative error */
}
r = write(onlycap_fd, list, len);
if (r < 0)
- return log_error_errno(errno, "Failed to write onlycap list(%s) to '/sys/fs/smackfs/onlycap'", list);
+ return log_error_errno(errno, "Failed to write onlycap list(%s) to '/sys/fs/smackfs/onlycap': %m", list);
return 0;
}
@@ -331,17 +350,17 @@ int mac_smack_setup(bool *loaded_policy) {
}
#ifdef SMACK_RUN_LABEL
- r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0);
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
if (r < 0)
log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");
- r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0);
+ r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
if (r < 0)
log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m");
r = write_string_file("/sys/fs/smackfs/netlabel",
- "0.0.0.0/0 " SMACK_RUN_LABEL, 0);
+ "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
if (r < 0)
log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m");
- r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0);
+ r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER);
if (r < 0)
log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
#endif
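Review bot: Nothing here says why the four write_string_file() calls change from `0` to `WRITE_STRING_FILE_DISABLE_BUFFER`; a one-line comment above the first call would help, for example `/* kernel attribute files take each write() as one request, so bypass stdio buffering */` (presumably the reason, to be confirmed). write_string_file() is not visible in this diff: if it emits the value and a trailing newline as separate stdio calls, an unbuffered stream would turn that into two write()s, the second carrying only the newline, so check that each label still reaches the kernel in a single write. Every failure in this block is only logged with log_warning_errno(), so a rejected write would not stop setup and is easy to miss.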
@@ -390,7 +409,7 @@ int mac_smack_setup(bool *loaded_policy) {
log_info("Successfully wrote Smack onlycap list.");
break;
default:
- log_emergency_errno(r, "Failed to write Smack onlycap list.");
+ log_emergency_errno(r, "Failed to write Smack onlycap list: %m");
return r;
}