summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/execute.c2
-rw-r--r--src/core/main.c4
-rw-r--r--src/core/namespace.c4
-rw-r--r--src/core/selinux-setup.c4
-rw-r--r--src/core/socket.c26
5 files changed, 20 insertions, 20 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index f535b4778a..caff2c6b5c 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1681,7 +1681,7 @@ static int exec_child(ExecCommand *command,
if (params->selinux_context_net && socket_fd >= 0) {
_cleanup_free_ char *label = NULL;
- err = label_get_child_mls_label(socket_fd, command->path, &label);
+ err = mac_selinux_get_child_mls_label(socket_fd, command->path, &label);
if (err < 0) {
*error = EXIT_SELINUX_CONTEXT;
return err;
diff --git a/src/core/main.c b/src/core/main.c
index 0388f46c36..95597deaf2 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1308,7 +1308,7 @@ int main(int argc, char *argv[]) {
dual_timestamp_get(&security_finish_timestamp);
}
- if (label_init(NULL) < 0)
+ if (mac_selinux_init(NULL) < 0)
goto finish;
if (!skip_setup) {
@@ -1830,7 +1830,7 @@ finish:
free(arg_start_timeout_reboot_arg);
arg_start_timeout_reboot_arg = NULL;
- label_finish();
+ mac_selinux_finish();
if (reexecute) {
const char **args;
diff --git a/src/core/namespace.c b/src/core/namespace.c
index ab03aebf5b..6dd7a4f25e 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -225,9 +225,9 @@ static int mount_dev(BindMount *m) {
goto fail;
}
- label_context_set(d, st.st_mode);
+ mac_selinux_context_set(d, st.st_mode);
r = mknod(dn, st.st_mode, st.st_rdev);
- label_context_clear();
+ mac_selinux_context_clear();
if (r < 0) {
r = -errno;
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index b419a2710a..8be97fc417 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -87,7 +87,7 @@ int selinux_setup(bool *loaded_policy) {
retest_selinux();
/* Transition to the new context */
- r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
+ r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
if (r < 0 || label == NULL) {
log_open();
log_error("Failed to compute init label, ignoring.");
@@ -98,7 +98,7 @@ int selinux_setup(bool *loaded_policy) {
if (r < 0)
log_error("Failed to transition into init label '%s', ignoring.", label);
- label_free(label);
+ mac_selinux_free(label);
}
after_load = now(CLOCK_MONOTONIC);
diff --git a/src/core/socket.c b/src/core/socket.c
index 00d5fd1192..fce1695f07 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -921,12 +921,12 @@ static void socket_apply_socket_options(Socket *s, int fd) {
}
if (s->smack_ip_in)
- if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
+ if (mac_smack_set_ip_in_fd(fd, s->smack_ip_in) < 0)
+ log_error_unit(UNIT(s)->id, "mac_smack_set_ip_in_fd: %m");
if (s->smack_ip_out)
- if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
+ if (mac_smack_set_ip_out_fd(fd, s->smack_ip_out) < 0)
+ log_error_unit(UNIT(s)->id, "mac_smack_set_ip_out_fd: %m");
}
static void socket_apply_fifo_options(Socket *s, int fd) {
@@ -939,8 +939,8 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
"F_SETPIPE_SZ: %m");
if (s->smack)
- if (smack_label_fd(fd, s->smack) < 0)
- log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
+ if (mac_smack_set_fd(fd, s->smack) < 0)
+ log_error_unit(UNIT(s)->id, "mac_smack_set_fd: %m");
}
static int fifo_address_create(
@@ -958,7 +958,7 @@ static int fifo_address_create(
mkdir_parents_label(path, directory_mode);
- r = label_context_set(path, S_IFIFO);
+ r = mac_selinux_context_set(path, S_IFIFO);
if (r < 0)
goto fail;
@@ -981,7 +981,7 @@ static int fifo_address_create(
goto fail;
}
- label_context_clear();
+ mac_selinux_context_clear();
if (fstat(fd, &st) < 0) {
r = -errno;
@@ -1001,7 +1001,7 @@ static int fifo_address_create(
return 0;
fail:
- label_context_clear();
+ mac_selinux_context_clear();
safe_close(fd);
return r;
@@ -1131,7 +1131,7 @@ static int socket_open_fds(Socket *s) {
if (p->type == SOCKET_SOCKET) {
if (!know_label && s->selinux_context_from_net) {
- r = label_get_our_label(&label);
+ r = mac_selinux_get_our_label(&label);
if (r < 0)
return r;
know_label = true;
@@ -1143,7 +1143,7 @@ static int socket_open_fds(Socket *s) {
if (UNIT_ISSET(s->service) &&
SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
- r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
+ r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
if (r < 0 && r != -EPERM)
return r;
}
@@ -1204,12 +1204,12 @@ static int socket_open_fds(Socket *s) {
assert_not_reached("Unknown port type");
}
- label_free(label);
+ mac_selinux_free(label);
return 0;
rollback:
socket_close_fds(s);
- label_free(label);
+ mac_selinux_free(label);
return r;
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-06 15:23:25 +0000