summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
authorDaniel Mack <github@zonque.org>2015-08-04 14:27:09 +0200
committerDaniel Mack <github@zonque.org>2015-08-04 14:27:09 +0200
commitee80b4b2977186883aab6b90adcb87c7a4b24ea3 (patch)
treefc00d0ef4918737450f6872cd9b547db27bd1804 /src/core
parent5977db2a3acd86214ad214fe692fd354f46c5955 (diff)
parente419a0e31089994ecd1d9019c791e63d13b37584 (diff)
Merge pull request #860 from walyong/smack_v11
Smack v11: set only the default smack process label if the command path has no execute label
Diffstat (limited to 'src/core')
-rw-r--r--src/core/execute.c10
-rw-r--r--src/core/socket.c6
2 files changed, 12 insertions, 4 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 21721dc240..f14ae4d8a6 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1719,7 +1719,15 @@ static int exec_child(
}
#ifdef SMACK_DEFAULT_PROCESS_LABEL
else {
- r = mac_smack_apply_pid(0, SMACK_DEFAULT_PROCESS_LABEL);
+ _cleanup_free_ char *exec_label = NULL;
+
+ r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label);
+ if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) {
+ *exit_status = EXIT_SMACK_PROCESS_LABEL;
+ return r;
+ }
+
+ r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL);
if (r < 0) {
*exit_status = EXIT_SMACK_PROCESS_LABEL;
return r;
diff --git a/src/core/socket.c b/src/core/socket.c
index 87631f8753..a387057473 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -923,13 +923,13 @@ static void socket_apply_socket_options(Socket *s, int fd) {
log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
if (s->smack_ip_in) {
- r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
+ r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
if (r < 0)
log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
}
if (s->smack_ip_out) {
- r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
+ r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
if (r < 0)
log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
}
@@ -946,7 +946,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
if (s->smack) {
- r = mac_smack_apply_fd(fd, s->smack);
+ r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
if (r < 0)
log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
}