src/selinux-setup.c - systemd-stable - Rivoreo Source Code Repositories

 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

 /***
   This file is part of systemd.

   Copyright 2010 Lennart Poettering

   systemd is free software; you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   systemd is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/

 #include <unistd.h>
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
 #include <stdlib.h>

 #ifdef HAVE_SELINUX
 #include <selinux/selinux.h>
 #endif

 #include "selinux-setup.h"
 #include "macro.h"
 #include "util.h"
 #include "log.h"

 int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
        int enforce = 0;

        /* Already initialized? */
        if (path_is_mount_point("/selinux") > 0)
                return 0;

        /* Before we load the policy we create a flag file to ensure
         * that after the reexec we iterate through /dev to relabel
         * things. */
        mkdir_p("/dev/.systemd", 0755);
        touch("/dev/.systemd/relabel-devtmpfs");

        if (selinux_init_load_policy(&enforce) == 0) {
                log_debug("Successfully loaded SELinux policy, reexecuting.");

                /* FIXME: Ideally we'd just call setcon() here instead
                 * of having to reexecute ourselves here. */

                execv(SYSTEMD_BINARY_PATH, argv);
                log_error("Failed to reexecute: %m");
                return -errno;

        } else {
                log_full(enforce > 0 ? LOG_ERR : LOG_DEBUG, "Failed to load SELinux policy.");

                unlink("/dev/.systemd/relabel-devtmpfs");

                if (enforce > 0)
                        return -EIO;
        }
 #endif

        return 0;
 }
	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/

	/***
	This file is part of systemd.

	Copyright 2010 Lennart Poettering

	systemd is free software; you can redistribute it and/or modify it
	under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	systemd is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	***/

	#include <unistd.h>
	#include <stdio.h>
	#include <errno.h>
	#include <string.h>
	#include <stdlib.h>

	#ifdef HAVE_SELINUX
	#include <selinux/selinux.h>
	#endif

	#include "selinux-setup.h"
	#include "macro.h"
	#include "util.h"
	#include "log.h"

	int selinux_setup(char *const argv[]) {
	#ifdef HAVE_SELINUX
	int enforce = 0;

	/* Already initialized? */
	if (path_is_mount_point("/selinux") > 0)
	return 0;

	/* Before we load the policy we create a flag file to ensure
	* that after the reexec we iterate through /dev to relabel
	* things. */
	mkdir_p("/dev/.systemd", 0755);
	touch("/dev/.systemd/relabel-devtmpfs");

	if (selinux_init_load_policy(&enforce) == 0) {
	log_debug("Successfully loaded SELinux policy, reexecuting.");

	/* FIXME: Ideally we'd just call setcon() here instead
	* of having to reexecute ourselves here. */

	execv(SYSTEMD_BINARY_PATH, argv);
	log_error("Failed to reexecute: %m");
	return -errno;

	} else {
	log_full(enforce > 0 ? LOG_ERR : LOG_DEBUG, "Failed to load SELinux policy.");

	unlink("/dev/.systemd/relabel-devtmpfs");

	if (enforce > 0)
	return -EIO;
	}
	#endif

	return 0;
	}