diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-12-01 20:43:19 -0500 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-12-09 21:36:08 -0500 |
commit | 553acb7b6b8d4f16a4747b1f978e8b7888fbfb2c (patch) | |
tree | b9a473c853c616b256ed3ea1dc5f8e9c7838b289 /src/core/ima-setup.c | |
parent | cb01aedc3b4ba70859267159fe716253e3551ec6 (diff) |
treewide: sanitize loop_write
loop_write() didn't follow the usual systemd rules and returned status
partially in errno and required extensive checks from callers. Some of
the callers dealt with this properly, but many did not, treating
partial writes as successful. Simplify things by conforming to usual rules.
Diffstat (limited to 'src/core/ima-setup.c')
-rw-r--r-- | src/core/ima-setup.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index 3416802bcb..3470ca1768 100644 --- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -42,13 +42,13 @@ #define IMA_POLICY_PATH "/etc/ima/ima-policy" int ima_setup(void) { + int r = 0; #ifdef HAVE_IMA struct stat st; - ssize_t policy_size = 0, written = 0; + ssize_t policy_size = 0; char *policy; _cleanup_close_ int policyfd = -1, imafd = -1; - int result = 0; if (stat(IMA_POLICY_PATH, &st) < 0) return 0; @@ -81,13 +81,13 @@ int ima_setup(void) { policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, 0); if (policy == MAP_FAILED) { log_error_errno(errno, "mmap() failed (%m), freezing"); - result = -errno; + r = -errno; goto out; } - written = loop_write(imafd, policy, (size_t)policy_size, false); - if (written != policy_size) { - log_error_errno(errno, "Failed to load the IMA custom policy file %s (%m), ignoring.", + r = loop_write(imafd, policy, (size_t)policy_size, false); + if (r < 0) { + log_error_errno(r, "Failed to load the IMA custom policy file %s (%m), ignoring.", IMA_POLICY_PATH); goto out_mmap; } @@ -97,9 +97,6 @@ int ima_setup(void) { out_mmap: munmap(policy, policy_size); out: - if (result) - return result; #endif /* HAVE_IMA */ - - return 0; + return r; } |