New upstream version 240
[systemd.git] / src / core / smack-setup.c
index 50115c0454e43fb4a9e2b90fce873385aa3118cd..49b37aefc723aa128540b6ad8d70cb87bf1e898a 100644 (file)
@@ -29,7 +29,6 @@ static int write_access2_rules(const char* srcdir) {
         _cleanup_close_ int load2_fd = -1, change_fd = -1;
         _cleanup_closedir_ DIR *dir = NULL;
         struct dirent *entry;
-        char buf[NAME_MAX];
         int dfd = -1;
         int r = 0;
 
@@ -73,7 +72,7 @@ static int write_access2_rules(const char* srcdir) {
                         continue;
                 }
 
-                policy = fdopen(fd, "re");
+                policy = fdopen(fd, "r");
                 if (!policy) {
                         if (r == 0)
                                 r = -errno;
@@ -83,13 +82,17 @@ static int write_access2_rules(const char* srcdir) {
                 }
 
                 /* load2 write rules in the kernel require a line buffered stream */
-                FOREACH_LINE(buf, policy,
-                             log_error_errno(errno, "Failed to read line from '%s': %m",
-                                             entry->d_name)) {
+                for (;;) {
+                        _cleanup_free_ char *buf = NULL, *sbj = NULL, *obj = NULL, *acc1 = NULL, *acc2 = NULL;
+                        int q;
 
-                        _cleanup_free_ char *sbj = NULL, *obj = NULL, *acc1 = NULL, *acc2 = NULL;
+                        q = read_line(policy, NAME_MAX, &buf);
+                        if (q < 0)
+                                return log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name);
+                        if (q == 0)
+                                break;
 
-                        if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+                        if (isempty(buf) || strchr(COMMENTS, buf[0]))
                                 continue;
 
                         /* if 3 args -> load rule   : subject object access1 */
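Review bot: The new read-error branch `return log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name);` leaves write_access2_rules() on the first line that cannot be read, while every other failure visible in this function stores the first error in `r` and carries on. With FOREACH_LINE the handler only logged and the loop ended for that one file; now a single bad policy file (presumably including a line longer than the NAME_MAX limit passed to read_line()) stops all remaining files in the directory from being loaded, leaving a partial Smack rule set. Keeping the earlier scope would mean logging, doing `if (r == 0) r = q;` and then `break` instead of returning. The same early return is added in the write_cipso2_rules() and write_netlabel_rules() hunks below. The loop body continues outside this hunk.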
@@ -102,7 +105,7 @@ static int write_access2_rules(const char* srcdir) {
                         if (write(isempty(acc2) ? load2_fd : change_fd, buf, strlen(buf)) < 0) {
                                 if (r == 0)
                                         r = -errno;
-                                log_error_errno(errno, "Failed to write '%s' to '%s' in '%s'",
+                                log_error_errno(errno, "Failed to write '%s' to '%s' in '%s': %m",
                                                 buf, isempty(acc2) ? "/sys/fs/smackfs/load2" : "/sys/fs/smackfs/change-rule", entry->d_name);
                         }
                 }
@@ -115,7 +118,6 @@ static int write_cipso2_rules(const char* srcdir) {
         _cleanup_close_ int cipso2_fd = -1;
         _cleanup_closedir_ DIR *dir = NULL;
         struct dirent *entry;
-        char buf[NAME_MAX];
         int dfd = -1;
         int r = 0;
 
@@ -152,7 +154,7 @@ static int write_cipso2_rules(const char* srcdir) {
                         continue;
                 }
 
-                policy = fdopen(fd, "re");
+                policy = fdopen(fd, "r");
                 if (!policy) {
                         if (r == 0)
                                 r = -errno;
@@ -162,17 +164,23 @@ static int write_cipso2_rules(const char* srcdir) {
                 }
 
                 /* cipso2 write rules in the kernel require a line buffered stream */
-                FOREACH_LINE(buf, policy,
-                             log_error_errno(errno, "Failed to read line from '%s': %m",
-                                             entry->d_name)) {
+                for (;;) {
+                        _cleanup_free_ char *buf = NULL;
+                        int q;
+
+                        q = read_line(policy, NAME_MAX, &buf);
+                        if (q < 0)
+                                return log_error_errno(q, "Failed to read line from '%s': %m", entry->d_name);
+                        if (q == 0)
+                                break;
 
-                        if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+                        if (isempty(buf) || strchr(COMMENTS, buf[0]))
                                 continue;
 
                         if (write(cipso2_fd, buf, strlen(buf)) < 0) {
                                 if (r == 0)
                                         r = -errno;
-                                log_error_errno(errno, "Failed to write '%s' to '/sys/fs/smackfs/cipso2' in '%s'",
+                                log_error_errno(errno, "Failed to write '%s' to '/sys/fs/smackfs/cipso2' in '%s': %m",
                                                 buf, entry->d_name);
                                 break;
                         }
@@ -186,7 +194,6 @@ static int write_netlabel_rules(const char* srcdir) {
         _cleanup_fclose_ FILE *dst = NULL;
         _cleanup_closedir_ DIR *dir = NULL;
         struct dirent *entry;
-        char buf[NAME_MAX];
         int dfd = -1;
         int r = 0;
 
@@ -220,7 +227,7 @@ static int write_netlabel_rules(const char* srcdir) {
                         continue;
                 }
 
-                policy = fdopen(fd, "re");
+                policy = fdopen(fd, "r");
                 if (!policy) {
                         if (r == 0)
                                 r = -errno;
@@ -232,15 +239,20 @@ static int write_netlabel_rules(const char* srcdir) {
                 (void) __fsetlocking(policy, FSETLOCKING_BYCALLER);
 
                 /* load2 write rules in the kernel require a line buffered stream */
-                FOREACH_LINE(buf, policy,
-                             log_error_errno(errno, "Failed to read line from %s: %m", entry->d_name)) {
-
+                for (;;) {
+                        _cleanup_free_ char *buf = NULL;
                         int q;
 
+                        q = read_line(policy, NAME_MAX, &buf);
+                        if (q < 0)
+                                return log_error_errno(q, "Failed to read line from %s: %m", entry->d_name);
+                        if (q == 0)
+                                break;
+
                         if (!fputs(buf, dst)) {
                                 if (r == 0)
                                         r = -EINVAL;
-                                log_error_errno(errno, "Failed to write line to /sys/fs/smackfs/netlabel");
+                                log_error_errno(errno, "Failed to write line to /sys/fs/smackfs/netlabel: %m");
                                 break;
                         }
                         q = fflush_and_check(dst);
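Review bot: The guard `if (!fputs(buf, dst))` around the corrected log line only fires when fputs() returns 0, but fputs() signals failure with EOF and success with a non-negative value. A failed write to the netlabel file therefore does not reach this branch, and the newly added `%m` is never printed for it; `if (fputs(buf, dst) == EOF)` matches the documented contract. Separately, the old loop handed lines to fputs() with their trailing newline. If read_line() strips it, as the dropped truncate_nl() calls in the other hunks suggest, each rule is now written without one, which is worth confirming against what smackfs expects. The rest of the loop lies outside this hunk.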
@@ -261,20 +273,27 @@ static int write_onlycap_list(void) {
         _cleanup_free_ char *list = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         size_t len = 0, allocated = 0;
-        char buf[LINE_MAX];
         int r;
 
         f = fopen("/etc/smack/onlycap", "re");
         if (!f) {
                 if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to read '/etc/smack/onlycap'");
+                        log_warning_errno(errno, "Failed to read '/etc/smack/onlycap': %m");
+
                 return errno == ENOENT ? ENOENT : -errno;
         }
 
-        FOREACH_LINE(buf, f, return -errno) {
+        for (;;) {
+                _cleanup_free_ char *buf = NULL;
                 size_t l;
 
-                if (isempty(truncate_nl(buf)) || strchr(COMMENTS, *buf))
+                r = read_line(f, LONG_LINE_MAX, &buf);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to read line from /etc/smack/onlycap: %m");
+                if (r == 0)
+                        break;
+
+                if (isempty(buf) || strchr(COMMENTS, *buf))
                         continue;
 
                 l = strlen(buf);
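Review bot: write_onlycap_list() has an undocumented mixed-sign return contract, and the new read_line() error path adds one more exit to it. Positive `ENOENT` means /etc/smack/onlycap does not exist, a negative errno means failure, and 0 covers the remaining cases. The `default:` arm visible in the mac_smack_setup() hunk logs at emergency level and returns, so the sign decides whether a missing file is harmless or fatal. A header comment on the function would make this explicit, for example `/* Returns 0 on success or empty list, positive ENOENT if no onlycap file exists, negative errno on failure */`. As a style point, this loop keeps `strchr(COMMENTS, *buf)` where the other converted loops switched to `buf[0]`; the function body continues outside this hunk.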
@@ -285,7 +304,7 @@ static int write_onlycap_list(void) {
                 len += l + 1;
         }
 
-        if (!len)
+        if (len == 0)
                 return 0;
 
         list[len - 1] = 0;
@@ -293,13 +312,13 @@ static int write_onlycap_list(void) {
         onlycap_fd = open("/sys/fs/smackfs/onlycap", O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
         if (onlycap_fd < 0) {
                 if (errno != ENOENT)
-                        log_warning_errno(errno, "Failed to open '/sys/fs/smackfs/onlycap'");
+                        log_warning_errno(errno, "Failed to open '/sys/fs/smackfs/onlycap': %m");
                 return -errno; /* negative error */
         }
 
         r = write(onlycap_fd, list, len);
         if (r < 0)
-                return log_error_errno(errno, "Failed to write onlycap list(%s) to '/sys/fs/smackfs/onlycap'", list);
+                return log_error_errno(errno, "Failed to write onlycap list(%s) to '/sys/fs/smackfs/onlycap': %m", list);
 
         return 0;
 }
@@ -331,17 +350,17 @@ int mac_smack_setup(bool *loaded_policy) {
         }
 
 #ifdef SMACK_RUN_LABEL
-        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, 0);
+        r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
         if (r < 0)
                 log_warning_errno(r, "Failed to set SMACK label \"" SMACK_RUN_LABEL "\" on self: %m");
-        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, 0);
+        r = write_string_file("/sys/fs/smackfs/ambient", SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
         if (r < 0)
                 log_warning_errno(r, "Failed to set SMACK ambient label \"" SMACK_RUN_LABEL "\": %m");
         r = write_string_file("/sys/fs/smackfs/netlabel",
-                              "0.0.0.0/0 " SMACK_RUN_LABEL, 0);
+                              "0.0.0.0/0 " SMACK_RUN_LABEL, WRITE_STRING_FILE_DISABLE_BUFFER);
         if (r < 0)
                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"0.0.0.0/0 " SMACK_RUN_LABEL "\": %m");
-        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", 0);
+        r = write_string_file("/sys/fs/smackfs/netlabel", "127.0.0.1 -CIPSO", WRITE_STRING_FILE_DISABLE_BUFFER);
         if (r < 0)
                 log_warning_errno(r, "Failed to set SMACK netlabel rule \"127.0.0.1 -CIPSO\": %m");
 #endif
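Review bot: The four write_string_file() calls gain `WRITE_STRING_FILE_DISABLE_BUFFER` with no comment saying why, and the reason cannot be read off the call sites. If the intent is that /proc/self/attr/current and the smackfs files act on each write() they receive, so the label must not be held back or split by stdio buffering, a one-line comment above the first call would record that. Something like `/* kernel attribute files parse each write() on its own; bypass stdio buffering */` would do. All four failures are only logged as warnings and setup continues, so the comment could also say whether running without the run label is an accepted outcome. mac_smack_setup() starts and ends outside this hunk.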
@@ -390,7 +409,7 @@ int mac_smack_setup(bool *loaded_policy) {
                 log_info("Successfully wrote Smack onlycap list.");
                 break;
         default:
-                log_emergency_errno(r, "Failed to write Smack onlycap list.");
+                log_emergency_errno(r, "Failed to write Smack onlycap list: %m");
                 return r;
         }