smack-setup.c revision fea7838e7e0b2724f5e0bc028121a08b42995045
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen This file is part of systemd.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Copyright (C) 2013 Intel Corporation
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Nathaniel Chen <nathaniel.chen@intel.com>
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen systemd is free software; you can redistribute it and/or modify it
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen under the terms of the GNU Lesser General Public License as published
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen by the Free Software Foundation; either version 2.1 of the License,
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen or (at your option) any later version.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen systemd is distributed in the hope that it will be useful, but
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen WITHOUT ANY WARRANTY; without even the implied warranty of
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen Lesser General Public License for more details.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen You should have received a copy of the GNU Lesser General Public License
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen along with systemd; If not, see <http://www.gnu.org/licenses/>.
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen#define ACCESSES_D_PATH "/etc/smack/accesses.d/"
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen smack = fopen("/sys/fs/smackfs/load2", "we");
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_debug("Smack is not enabled in the kernel, not loading access rules.");
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_warning("Failed to open /sys/fs/smackfs/load2: %m");
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen /* write rules to load2 from every file in the directory */
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING,
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek "Opening Smack access rules directory "
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen pol = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_error("Smack access rule file %s not opened: %m",
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_error("Smack access rule file %s not opened: %m",
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen /* load2 write rules in the kernel require a line buffered stream */
fea7838e7e0b2724f5e0bc028121a08b42995045Zbigniew Jędrzejewski-Szmek log_error("Failed to read from Smack access rule file %s: %m",
ffbd2c4d45787ba5ba85a32db6551efba66a1ee6Nathaniel Chen log_info("Successfully loaded Smack policies.");