diff options
Diffstat (limited to 'src/shared/smack-util.c')
| -rw-r--r-- | src/shared/smack-util.c | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index 8f83562bf6..04ee217d2f 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -21,10 +21,10 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ -#include <unistd.h> -#include <string.h> #include <sys/xattr.h> +#include "util.h" +#include "path-util.h" #include "smack-util.h" bool use_smack(void) { @@ -87,3 +87,44 @@ int smack_label_ip_in_fd(int fd, const char *label) { return 0; #endif } + +int smack_relabel_in_dev(const char *path) { + int r = 0; + +#ifdef HAVE_SMACK + struct stat sb; + const char *label; + + /* + * Path must be in /dev and must exist + */ + if (!path_startswith(path, "/dev")) + return 0; + + r = lstat(path, &sb); + if (r < 0) + return -errno; + + /* + * Label directories and character devices "*". + * Label symlinks "_". + * Don't change anything else. + */ + if (S_ISDIR(sb.st_mode)) + label = SMACK_STAR_LABEL; + else if (S_ISLNK(sb.st_mode)) + label = SMACK_FLOOR_LABEL; + else if (S_ISCHR(sb.st_mode)) + label = SMACK_STAR_LABEL; + else + return 0; + + r = setxattr(path, "security.SMACK64", label, strlen(label), 0); + if (r < 0) { + log_error("Smack relabeling \"%s\" %m", path); + return -errno; + } +#endif + + return r; +} |