path: root/src/shared/label.c
Age  Commit message  (Author)
2015-06-11 build-sys: split internal basic/ library from shared/ (Kay Sievers)
basic/      can be used by everything
            cannot use anything outside of basic/
libsystemd/ can use basic/
            cannot use shared/
shared/     can use libsystemd/
2014-12-28 tmpfiles: add new line type 'v' for creating btrfs subvolumes (Lennart Poettering)
2014-10-23 label: unify code to make directories, symlinks (Lennart Poettering)
2014-10-23 smack: rework SMACK label fixing code to follow more closely the semantics of the matching selinux code (Lennart Poettering)
2014-10-23 mac: rename all calls that apply a label mac_{selinux|smack}_apply_xyz(), and all that reset it to defaults mac_{selinux|smack}_fix() (Lennart Poettering)
Let's clean up the naming schemes a bit and use the same one for SMACK and for SELINUX.
2014-10-23 mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new mac_{smack,selinux,apparmor}_xyz() convention (Lennart Poettering)
2014-10-23 mac: rename apis with mac_{selinux/smack}_ prefix (WaLyong Cho)
2014-10-23 label: rearrange mandatory access control(MAC) apis (WaLyong Cho)
move label apis to selinux-util.ch or smack-util.ch appropriately.
2014-10-15 selinux: fix potential double free crash in child process (Michal Sekletar)
Before returning from function we should reset ret to NULL, thus cleanup function is nop. Also context_str() returns pointer to a string containing context but not a copy, hence we must copy it explicitly.
2014-09-23 Fix warning about unused variable with !SELINUX (Zbigniew Jędrzejewski-Szmek)
src/shared/label.c:255:15: warning: unused variable 'l' [-Wunused-variable]
        char *l = NULL;
              ^
2014-09-19 socket: introduce SELinuxContextFromNet option (Michal Sekletar)
This makes it possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-08-19 Revert "socket: introduce SELinuxLabelViaNet option" (Lennart Poettering)
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
2014-08-19 socket: introduce SELinuxLabelViaNet option (Michal Sekletar)
This makes it possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-06-10 label: when clearing selinux context, don't mangle errno (Lennart Poettering)
2014-05-28 build-sys: use glibc's xattr support instead of requiring libattr (Kay Sievers)
2014-05-25 Use %m instead of strerror(errno) where appropriate (Cristian Rodríguez)
2014-02-24 smack: rework security labeling for multiple frameworks (Łukasz Stelmach)
2014-02-24 smack: relabel directories and files created by systemd (Łukasz Stelmach)
Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessible to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Based on a patch by Casey Schaufler <casey@schaufler-ca.com>.
2014-02-19 label: minor optimizations (Lennart Poettering)
2013-11-18 Remove duplicate includes (Karel Zak)
2013-10-09 udev: add SECLABEL{selinux}= support (Kay Sievers)
2013-07-26 shared: split mkdir_*() and mkdir_*_label() from each other (Kay Sievers)
Avoid pulling-in selinux for tools which just create directories but do not need to fix the selinux label.
2013-04-04 util: make time formatting a bit smarter (Lennart Poettering)
Instead of outputting "5h 55s 50ms 3us" we'll now output "5h 55.050003s". Also, while outputting the accuracy is configurable. Basically we now try to use "dot notation" for all time values > 1min. For >= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and finally 'us'. This should give reasonable values in most cases.
2013-02-14 honor SELinux labels, when creating and writing config files (Harald Hoyer)
Also split out some fileio functions to fileio.c and provide a SELinux aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
2012-10-16 selinux: selabel_lookup_raw can return ENOENT and be a non failure mode. (Daniel J Walsh)
2012-10-02 selinux: rework selinux access check logic (Lennart Poettering)
a) Instead of parsing the bus messages inside of selinux-access.c simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing on non-selinux builds
c) split out the selinux checks into their own sources selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls Manager.StartUnit() and Unit.Start().
2012-07-03 mount-setup: don't complain if we try to fix the label of a dir beneath a mount but can't due to EROFS (Lennart Poettering)
2012-05-31 Revert "label: fix systemd-udev labeling of /run directory." (Kay Sievers)
This reverts commit 9b5af248f04b6cad8a5bca836e89a39e9f6823d9. Udev now explicitly labels only files/directories in /dev. The selinux array API is not released and will not work on other distros at this moment.
2012-05-31 mkdir: provide all functions with and without selinux label application (Kay Sievers)
2012-05-31 label: fix systemd-udev labeling of /run directory. (Daniel J Walsh)
systemd-udev is currently incorrectly labeling /run/udev/* content because it is using selinux prefix labeling of /dev. This patch will allow systemd-udev to use prefix labeling of /dev and /run.
2012-05-31 selinux: downgrade database load time message to LOG_DEBUG (Lennart Poettering)
2012-05-08 util: split-out path-util.[ch] (Kay Sievers)
2012-04-17 selinux: unify systemd and udev code (Kay Sievers)
2012-04-12 relicense to LGPLv2.1 (with exceptions) (Lennart Poettering)
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-10 util: move all to shared/ and split external dependencies in separate internal libraries (Kay Sievers)
Before:
  $ ldd /lib/systemd/systemd-timestamp
        linux-vdso.so.1 => (0x00007fffb05ff000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f90aac57000)
        libcap.so.2 => /lib64/libcap.so.2 (0x00007f90aaa53000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f90aa84a000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f90aa494000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f90aae90000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f90aa290000)
        libattr.so.1 => /lib64/libattr.so.1 (0x00007f90aa08a000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f90a9e6e000)
After:
  $ ldd systemd-timestamp
        linux-vdso.so.1 => (0x00007fff3cbff000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5eaa1c3000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f5ea9fbb000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f5ea9c04000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f5eaa3fc000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ea9a00000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ea97e4000)