diff options
author | Kay Sievers <kay@vrfy.org> | 2012-04-11 12:30:53 +0200 |
---|---|---|
committer | Kay Sievers <kay@vrfy.org> | 2012-04-11 12:49:00 +0200 |
commit | cc527a4734d636f1ab5a66576cb7e232af3cc261 (patch) | |
tree | e94d4c19af3b29d0310cb5220f795e391b59bf7f /src/shared/socket-util.c | |
parent | 6ac405b493feb1041a9f83561323b642d84381a7 (diff) |
split selinux label operations out of cgroup-util, socket-util
This prevents linking of selinux and libdl for another 15 binaries.
Diffstat (limited to 'src/shared/socket-util.c')
-rw-r--r-- | src/shared/socket-util.c | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c index 554f8ac965..618c928f06 100644 --- a/src/shared/socket-util.c +++ b/src/shared/socket-util.c @@ -37,7 +37,6 @@ #include "mkdir.h" #include "socket-util.h" #include "missing.h" -#include "label.h" int socket_address_parse(SocketAddress *a, const char *s) { int r; @@ -384,109 +383,6 @@ int socket_address_print(const SocketAddress *a, char **p) { } } -int socket_address_listen( - const SocketAddress *a, - int backlog, - SocketAddressBindIPv6Only only, - const char *bind_to_device, - bool free_bind, - bool transparent, - mode_t directory_mode, - mode_t socket_mode, - const char *label, - int *ret) { - - int r, fd, one; - assert(a); - assert(ret); - - if ((r = socket_address_verify(a)) < 0) - return r; - - if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported()) - return -EAFNOSUPPORT; - - r = label_socket_set(label); - if (r < 0) - return r; - - fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol); - r = fd < 0 ? -errno : 0; - - label_socket_clear(); - - if (r < 0) - return r; - - if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) { - int flag = only == SOCKET_ADDRESS_IPV6_ONLY; - - if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0) - goto fail; - } - - if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) { - if (bind_to_device) - if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0) - goto fail; - - if (free_bind) { - one = 1; - if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0) - log_warning("IP_FREEBIND failed: %m"); - } - - if (transparent) { - one = 1; - if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) - log_warning("IP_TRANSPARENT failed: %m"); - } - } - - one = 1; - if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) - goto fail; - - if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) { - mode_t old_mask; - - /* Create parents */ - mkdir_parents(a->sockaddr.un.sun_path, directory_mode); - - /* Enforce the right access mode for the socket*/ - old_mask = umask(~ socket_mode); - - /* Include the original umask in our mask */ - umask(~socket_mode | old_mask); - - r = label_bind(fd, &a->sockaddr.sa, a->size); - - if (r < 0 && errno == EADDRINUSE) { - /* Unlink and try again */ - unlink(a->sockaddr.un.sun_path); - r = bind(fd, &a->sockaddr.sa, a->size); - } - - umask(old_mask); - } else - r = bind(fd, &a->sockaddr.sa, a->size); - - if (r < 0) - goto fail; - - if (socket_address_can_accept(a)) - if (listen(fd, backlog) < 0) - goto fail; - - *ret = fd; - return 0; - -fail: - r = -errno; - close_nointr_nofail(fd); - return r; -} - bool socket_address_can_accept(const SocketAddress *a) { assert(a); |