Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
Normally we shouldn#t log from "library" functions, but SELinux is
weird, hence upgrade security messages uniformly to LOG_ERR when in
enforcing mode.
|
|
APIs that query and return something cannot silently fail, they must
either return something useful, or an error. Fix that.
Also, properly rollback socket unit fd creation when something goes
wrong with the security framework.
|
|
|
|
|
|
of the matching selinux code
|
|
previously mac_smack_apply(path, NULL) would operate on the symlink
itself while mac_smack_apply(path, "foo") would follow the symlink.
Let's clean this up an always operate on the symlink, which appears to
be the safer option.
|
|
a) always return negative errno error codes
b) always become a noop if smack is off
c) always take a NULL label as a request to remove it
|
|
and all that reset it to defaults mac_{selinux|smack}_fix()
Let's clean up the naming schemes a bit and use the same one for SMACK
and for SELINUX.
|
|
|
|
It cannot fail in the current hashmap implementation, but it may fail in
alternative implementations (unless a sufficiently large reservation has
been placed beforehand).
|
|
That hashmap_move_one() currently cannot fail with -ENOMEM is an
implementation detail, which is not possible to guarantee in general.
Hashmap implementations based on anything else than chaining of
individual entries may have to allocate.
hashmap_move_one will not fail with -ENOMEM if a proper reservation has
been made beforehand. Use reservations in install.c.
In cgtop.c simply propagate the error instead of asserting.
|
|
With the current hashmap implementation that uses chaining, placing a
reservation can serve two purposes:
- To optimize putting of entries if the number of entries to put is
known. The reservation allocates buckets, so later resizing can be
avoided.
- To avoid having very long bucket chains after using
hashmap_move(_one).
In an alternative hashmap implementation it will serve an additional
purpose:
- To guarantee a subsequent hashmap_move(_one) will not fail with
-ENOMEM (this never happens in the current implementation).
|
|
Return 0 if no resize was needed, 1 if successfully resized and
negative on error.
|
|
|
|
It appears order may matter here. Use OrderedHashmaps to be safe.
|
|
It's handled just fine by returning NULL.
|
|
-ENOENT is the same return value as if 'other' were an allocated hashmap
that does not contain the key. A NULL hashmap is a possible way of
expressing a hashmap that contains no key.
|
|
Few Hashmaps/Sets need to remember the insertion order. Most don't care
about the order when iterating. It would be possible to use more compact
hashmap storage in the latter cases.
Add OrderedHashmap as a distinct type from Hashmap, with functions
prefixed with "ordered_". For now, the functions are nothing more than
inline wrappers for plain Hashmap functions.
|
|
new mac_{smack,selinux,apparmor}_xyz() convention
|
|
|
|
move label apis to selinux-util.ch or smack-util.ch appropriately.
|
|
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
|
|
socknameinfo_pretty() would fail for addresses without reverse DNS,
but we do not want that to happen.
|
|
|
|
string_is_safe()
After all, we know have this as generic validator, so let's be correct
and use it wherver applicable.
|
|
We can simplify our code quite a bit if we explicitly check for the
ifindex being 1 on Linux as a loopback check. Apparently, this is
hardcoded on Linux on the kernel, and effectively exported to userspace
via rtnl and such, hence we should be able to rely on it.
|
|
This could overflow on 32bit, where size_t is the same as unsigned.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=76745
|
|
- mkdir_p_prefix: It has never been used
- mkdir_parents_prefix_label: Unused since 1434ae6fd49f8377b0ddbd4c675736e0d3226ea6
|
|
|
|
Leaving the old root around seems better than aborting the
switch.
|
|
|
|
It was only used in readahead.
|
|
Before returning from function we should reset ret to NULL, thus cleanup
function is nop.
Also context_str() returns pointer to a string containing context but not a
copy, hence we must make copy it explicitly.
|
|
We could end with a double close if we close the fd loop and flush_fd
fails. That would make us goto fail and there we close the fd once
again. This patch sets the fd to the return value for safe_close: -1
A fd with negative value will be ignored by the next call to
safe_close.
CID#996223
|
|
Also, let's try to make function names descriptive, instead of using
bools for flags.
|
|
|
|
|
|
|
|
linux/memfd.h was added linux 3.17, so it might not be widely
available for a while.
Also, check if memfd_create is defined, for the HAVE_LINUX_MEMFD_H
check to have a chance of succeeding.
Also, collapse all ifdefs for memfd-related stuff, because they
were all added together so there's no need to check separately.
|
|
Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames. Masking usernames with * seems just silly.
v2 - Don't mess with termios flags, instead print the input
instead of an asterix. Resolves issues with backspace
and TAB input.
v3 - Renamed 'do_echo' variables and argument to 'echo'. Also
modified the ask_password_{tty,agent,auto} API instead of
additional wrapper functions.
[zj: undo changes to ask_password_auto, since no callers were using
the new argument.]
|
|
As it turns out, I can actually send data to the pty faster than the
terminal can read. Therefore, make sure we read as much data as possible
but bail out early enough to not cause starvation.
Kernel TTY buffers are 4k, so reduce the overall buffer size, but read
more than once if possible (up to 8 times sounds reasonable).
|
|
The status of actually writing the file was totally ignored.
|
|
The --utc option was introduced by commit
9fd290443f5f99fca0dcd4216b1de70f7d3b8db1.
Howerver, the implementation was incomplete.
|
|
|
|
Fixup for 718880ba0d 'add a transient user unit directory'.
|