42
#define ACCESSES_D_PATH "/etc/smack/accesses.d/"
42
#define SMACK_CONFIG "/etc/smack/accesses.d/"
43
#define CIPSO_CONFIG "/etc/smack/cipso/"
44
int smack_setup(void) {
45
_cleanup_fclose_ FILE *smack = NULL;
45
static int write_rules(const char* dstpath, const char* srcdir) {
46
_cleanup_fclose_ FILE *dst = NULL;
46
47
_cleanup_closedir_ DIR *dir = NULL;
47
48
struct dirent *entry;
48
49
char buf[NAME_MAX];
51
smack = fopen("/sys/fs/smackfs/load2", "we");
53
log_info("Smack is not enabled in the kernel, not loading access rules.");
53
dst = fopen(dstpath, "we");
56
log_warning("Failed to open %s: %m", dstpath);
57
return -errno; /* negative error */
57
/* write rules to load2 from every file in the directory */
58
dir = opendir(ACCESSES_D_PATH);
60
/* write rules to dst from every file in the directory */
61
dir = opendir(srcdir);
60
log_info("Smack access rules directory not found: " ACCESSES_D_PATH);
64
log_warning("Failed to opendir %s: %m", srcdir);
65
return errno; /* positive on purpose */
66
log_error("Smack access rules directory " ACCESSES_D_PATH " not opened: %m");
70
71
FOREACH_DIRENT(entry, dir, return 0) {
71
73
_cleanup_fclose_ FILE *policy = NULL;
72
_cleanup_close_ int pol = -1;
74
pol = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
76
log_error("Smack access rule file %s not opened: %m", entry->d_name);
75
fd = openat(dfd, entry->d_name, O_RDONLY|O_CLOEXEC);
79
log_warning("Failed to open %s: %m", entry->d_name);
80
policy = fdopen(pol, "re");
83
policy = fdopen(fd, "re");
82
log_error("Smack access rule file %s not opened: %m", entry->d_name);
87
close_nointr_nofail(fd);
88
log_error("Failed to open %s: %m", entry->d_name);
88
92
/* load2 write rules in the kernel require a line buffered stream */
89
FOREACH_LINE(buf, policy, log_error("Failed to read from Smack access rule file %s: %m", entry->d_name)) {
93
FOREACH_LINE(buf, policy,
94
log_error("Failed to read line from %s: %m",
96
if (!fputs(buf, dst)) {
99
log_error("Failed to write line to %s", dstpath);
105
log_error("Failed to flush writes to %s: %m", dstpath);
95
log_info("Successfully loaded Smack policies.");
115
int smack_setup(void) {
118
r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
121
log_debug("Smack is not enabled in the kernel.");
124
log_debug("Smack access rules directory " SMACK_CONFIG " not found");
127
log_info("Successfully loaded Smack policies.");
130
log_warning("Failed to load Smack access rules: %s, ignoring.",
135
r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
138
log_debug("Smack/CIPSO is not enabled in the kernel.");
141
log_debug("Smack/CIPSO access rules directory " CIPSO_CONFIG " not found");
144
log_info("Successfully loaded Smack/CIPSO policies.");
147
log_warning("Failed to load Smack/CIPSO access rules: %s, ignoring.",
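Review bot: The write check `if (!fputs(buf, dst))` in the new write_rules() cannot detect a failed write, because fputs() returns EOF (a negative value) on error and a non-negative value on success, so `!fputs(...)` is false in the error case. A rule line that fails to reach `/sys/fs/smackfs/load2` or `/sys/fs/smackfs/cipso2` would then go unreported at this point, and smack_setup() may still log "Successfully loaded Smack policies." with the policy only partly applied. Compare against the documented error value instead: `if (fputs(buf, dst) == EOF) {`. Separately, `return -errno;` and `return errno; /* positive on purpose */` each follow a `log_warning(... %m ...)` call; unless the logging macro is guaranteed to preserve errno (not visible here), copy errno into a local before logging and return that. Only fragments of write_rules() and smack_setup() are visible on this page, so the surrounding control flow is inferred.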