smack-setup.c revision a4783bd17ad96f55b0fe83a50959da13555292bf
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen This file is part of systemd.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Copyright (C) 2013 Intel Corporation
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Nathaniel Chen <nathaniel.chen@intel.com>
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen systemd is free software; you can redistribute it and/or modify it
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen under the terms of the GNU Lesser General Public License as published
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen by the Free Software Foundation; either version 2.1 of the License,
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen or (at your option) any later version.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen systemd is distributed in the hope that it will be useful, but
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen WITHOUT ANY WARRANTY; without even the implied warranty of
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Lesser General Public License for more details.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen You should have received a copy of the GNU Lesser General Public License
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen along with systemd; If not, see <http://www.gnu.org/licenses/>.
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek#define SMACK_CONFIG "/etc/smack/accesses.d/"
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmekstatic int write_rules(const char* dstpath, const char* srcdir) {
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek _cleanup_fclose_ FILE *dst = NULL;
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_warning("Failed to open %s: %m", dstpath);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek return -errno; /* negative error */
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek /* write rules to dst from every file in the directory */
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_warning("Failed to opendir %s: %m", srcdir);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek return errno; /* positive on purpose */
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_warning("Failed to open %s: %m", entry->d_name);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_error("Failed to open %s: %m", entry->d_name);
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen /* load2 write rules in the kernel require a line buffered stream */
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_error("Failed to read line from %s: %m",
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_error("Failed to write line to %s", dstpath);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_error("Failed to flush writes to %s: %m", dstpath);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_debug("Smack is not enabled in the kernel.");
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_debug("Smack access rules directory " SMACK_CONFIG " not found");
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_info("Successfully loaded Smack policies.");
a4783bd17ad96f55b0fe83a50959da13555292bfZbigniew Jędrzejewski-Szmek log_warning("Failed to load smack access rules: %s, ignoring.",