Diffstat (limited to 'src/core/smack-setup.c')
-rw-r--r-- | src/core/smack-setup.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 9cd539f3d3..b0d3612d69 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /*** This file is part of systemd.
@@ -23,6 +24,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
+#include <stdio_ext.h>
 #include <stdlib.h>
 #include <string.h>
@@ -102,7 +104,7 @@ static int write_access2_rules(const char* srcdir) {
 _cleanup_free_ char *sbj = NULL, *obj = NULL, *acc1 = NULL, *acc2 = NULL;
- if (isempty(truncate_nl(buf)))
+ if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
 continue;
 /* if 3 args -> load rule : subject object access1 */
@@ -179,7 +181,7 @@ static int write_cipso2_rules(const char* srcdir) {
 log_error_errno(errno, "Failed to read line from '%s': %m", entry->d_name)) {
- if (isempty(truncate_nl(buf)))
+ if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
 continue;
 if (write(cipso2_fd, buf, strlen(buf)) < 0) {
@@ -242,20 +244,25 @@ static int write_netlabel_rules(const char* srcdir) {
 continue;
 }
+ (void) __fsetlocking(policy, FSETLOCKING_BYCALLER);
+ /* load2 write rules in the kernel require a line buffered stream */
 FOREACH_LINE(buf, policy,
- log_error_errno(errno, "Failed to read line from %s: %m",
- entry->d_name)) {
- if (!fputs_unlocked(buf, dst)) {
+ log_error_errno(errno, "Failed to read line from %s: %m", entry->d_name)) {
+
+ int q;
+
+ if (!fputs(buf, dst)) {
 if (r == 0)
 r = -EINVAL;
 log_error_errno(errno, "Failed to write line to /sys/fs/smackfs/netlabel");
 break;
 }
- if (fflush(dst)) {
+ q = fflush_and_check(dst);
+ if (q < 0) {
 if (r == 0)
- r = -errno;
- log_error_errno(errno, "Failed to flush writes to /sys/fs/smackfs/netlabel: %m");
+ r = q;
+ log_error_errno(q, "Failed to flush writes to /sys/fs/smackfs/netlabel: %m");
 break;
 }
 } |
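Review bot: The comment test added in write_access2_rules looks only at the first byte (`strchr(COMMENTS, *buf)`), so a comment line indented with spaces or tabs is still handled as a rule. The identical check added in write_cipso2_rules has the same gap, and there such a line goes on to the write() on cipso2_fd. Consider skipping leading blanks first, e.g. `const char *p = buf + strspn(buf, " \t");` and then `if (isempty(truncate_nl(buf)) || !*p || strchr(COMMENTS, *p)) continue;`. A one-line comment stating that lines starting with a COMMENTS character are never loaded would help anyone auditing which policy lines reach the kernel. Both loops start outside their hunks.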
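Review bot: The write check `if (!fputs(buf, dst))` in write_netlabel_rules does not detect failure. fputs() returns EOF on error and a non-negative value on success, so the branch is taken only when the return value is 0, which a C library may use to signal success. It should read `if (fputs(buf, dst) == EOF) {`. As written, a rule that fails to reach /sys/fs/smackfs/netlabel is reported only if the following fflush_and_check() call notices it (its definition is not shown here), and the message in this branch has no `%m`, so errno is not printed. The function starts and ends outside this hunk.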