diff options
author | Karol Lewandowski <k.lewandowsk@samsung.com> | 2013-05-16 10:40:03 +0200 |
---|---|---|
committer | Auke Kok <auke-jan.h.kok@intel.com> | 2013-05-17 09:58:28 -0700 |
commit | 2b3e18de74ca89b374dd4f7a2c30e5731d347841 (patch) | |
tree | 305669069e73f82fd838117c93709dce7d0b0b3f /src/core | |
parent | 264ad849a4a0acf1ca392da62b7018d4fe7b66b3 (diff) |
Make it possible to disable smack separately from xattr support
Additionally, compile out rule loading if feature is disabled.
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/smack-setup.c | 10 | ||||
-rw-r--r-- | src/core/socket.c | 4 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 73eeb04190..d67a84a583 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -42,6 +42,8 @@ #define SMACK_CONFIG "/etc/smack/accesses.d/" #define CIPSO_CONFIG "/etc/smack/cipso/" +#ifdef HAVE_SMACK + static int write_rules(const char* dstpath, const char* srcdir) { _cleanup_fclose_ FILE *dst = NULL; _cleanup_closedir_ DIR *dir = NULL; @@ -111,8 +113,12 @@ static int write_rules(const char* dstpath, const char* srcdir) { return r; } +#endif int smack_setup(void) { + +#ifdef HAVE_SMACK + int r; r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG); @@ -148,4 +154,8 @@ int smack_setup(void) { strerror(abs(r))); return 0; } + +#endif + + return 0; } diff --git a/src/core/socket.c b/src/core/socket.c index 1b08f0a5fd..37ca228e6b 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -788,7 +788,7 @@ static void socket_apply_socket_options(Socket *s, int fd) { if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0) log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m"); -#ifdef HAVE_XATTR +#ifdef HAVE_SMACK if (s->smack_ip_in) if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0) log_error_unit(UNIT(s)->id, @@ -810,7 +810,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) { log_warning_unit(UNIT(s)->id, "F_SETPIPE_SZ: %m"); -#ifdef HAVE_XATTR +#ifdef HAVE_SMACK if (s->smack) if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0) log_error_unit(UNIT(s)->id, |