static int add_match(sd_journal *j, const char *match) { _cleanup_free_ char *p = NULL; const char* prefix, *pattern; pid_t pid; int r; if (strchr(match, '=')) prefix = ""; else if (strchr(match, '/')) { r = path_make_absolute_cwd(match, &p); if (r < 0) return log_error_errno(r, "path_make_absolute_cwd(\"%s\"): %m", match); match = p; prefix = "COREDUMP_EXE="; } else if (parse_pid(match, &pid) >= 0) prefix = "COREDUMP_PID="; else prefix = "COREDUMP_COMM="; pattern = strjoina(prefix, match); log_debug("Adding match: %s", pattern); r = sd_journal_add_match(j, pattern, 0); if (r < 0) return log_error_errno(r, "Failed to add match \"%s\": %m", match); return 0; }
static int add_match(Set *set, const char *match) { _cleanup_free_ char *p = NULL; char *pattern = NULL; const char* prefix; pid_t pid; int r; if (strchr(match, '=')) prefix = ""; else if (strchr(match, '/')) { r = path_make_absolute_cwd(match, &p); if (r < 0) goto fail; match = p; prefix = "COREDUMP_EXE="; } else if (parse_pid(match, &pid) >= 0) prefix = "COREDUMP_PID="; else prefix = "COREDUMP_COMM="; pattern = strjoin(prefix, match, NULL); if (!pattern) { r = -ENOMEM; goto fail; } log_debug("Adding pattern: %s", pattern); r = set_consume(set, pattern); if (r < 0) goto fail; return 0; fail: return log_error_errno(r, "Failed to add match: %m"); }
int label_mkdir( const char *path, mode_t mode) { /* Creates a directory and labels it according to the SELinux policy */ #ifdef HAVE_SELINUX int r; security_context_t fcon = NULL; if (use_selinux() && label_hnd) { if (path_is_absolute(path)) r = selabel_lookup_raw(label_hnd, &fcon, path, mode); else { char *newpath = NULL; if (!(newpath = path_make_absolute_cwd(path))) return -ENOMEM; r = selabel_lookup_raw(label_hnd, &fcon, newpath, mode); free(newpath); } if (r == 0) r = setfscreatecon(fcon); if (r < 0 && errno != ENOENT) { log_error("Failed to set security context %s for %s: %m", fcon, path); r = -errno; if (security_getenforce() == 1) goto finish; } } if ((r = mkdir(path, mode)) < 0) r = -errno; finish: if (use_selinux() && label_hnd) { setfscreatecon(NULL); freecon(fcon); } return r; #else return mkdir(path, mode); #endif }
int path_strv_make_absolute_cwd(char **l) { char **s; int r; /* Goes through every item in the string list and makes it * absolute. This works in place and won't rollback any * changes on failure. */ STRV_FOREACH(s, l) { char *t; r = path_make_absolute_cwd(*s, &t); if (r < 0) return r; free(*s); *s = t; }
int mac_selinux_create_file_prepare(const char *path, mode_t mode) { #ifdef HAVE_SELINUX _cleanup_freecon_ char *filecon = NULL; int r; assert(path); if (!label_hnd) return 0; if (path_is_absolute(path)) r = selabel_lookup_raw(label_hnd, &filecon, path, mode); else { _cleanup_free_ char *newpath = NULL; r = path_make_absolute_cwd(path, &newpath); if (r < 0) return r; r = selabel_lookup_raw(label_hnd, &filecon, newpath, mode); } if (r < 0) { /* No context specified by the policy? Proceed without setting it. */ if (errno == ENOENT) return 0; log_enforcing("Failed to determine SELinux security context for %s: %m", path); } else { if (setfscreatecon_raw(filecon) >= 0) return 0; /* Success! */ log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path); } if (security_getenforce() > 0) return -errno; #endif return 0; }
static int add_match(Set *set, const char *match) { int r = -ENOMEM; unsigned pid; const char* prefix; char *pattern = NULL; _cleanup_free_ char *p = NULL; if (strchr(match, '=')) prefix = ""; else if (strchr(match, '/')) { p = path_make_absolute_cwd(match); if (!p) goto fail; match = p; prefix = "COREDUMP_EXE="; } else if (safe_atou(match, &pid) == 0) prefix = "COREDUMP_PID="; else prefix = "COREDUMP_COMM="; pattern = strjoin(prefix, match, NULL); if (!pattern) goto fail; log_debug("Adding pattern: %s", pattern); r = set_put(set, pattern); if (r < 0) { log_error("Failed to add pattern '%s': %s", pattern, strerror(-r)); free(pattern); goto fail; } return 0; fail: log_error("Failed to add match: %s", strerror(-r)); return r; }
static int prepare_filename(const char *filename, char **ret) { int r; const char *name; _cleanup_free_ char *abspath = NULL; _cleanup_free_ char *dir = NULL; _cleanup_free_ char *with_instance = NULL; char *c; assert(filename); assert(ret); r = path_make_absolute_cwd(filename, &abspath); if (r < 0) return r; name = basename(abspath); if (!unit_name_is_valid(name, UNIT_NAME_ANY)) return -EINVAL; if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) { r = unit_name_replace_instance(name, "i", &with_instance); if (r < 0) return r; } dir = dirname_malloc(abspath); if (!dir) return -ENOMEM; if (with_instance) c = path_join(NULL, dir, with_instance); else c = path_join(NULL, dir, name); if (!c) return -ENOMEM; *ret = c; return 0; }
static int parse_argv(int argc, char *argv[]) { enum { ARG_VERSION = 0x100, ARG_ROOT, ARG_LOCALE, ARG_LOCALE_MESSAGES, ARG_TIMEZONE, ARG_HOSTNAME, ARG_MACHINE_ID, ARG_ROOT_PASSWORD, ARG_ROOT_PASSWORD_FILE, ARG_PROMPT, ARG_PROMPT_LOCALE, ARG_PROMPT_TIMEZONE, ARG_PROMPT_HOSTNAME, ARG_PROMPT_ROOT_PASSWORD, ARG_COPY, ARG_COPY_LOCALE, ARG_COPY_TIMEZONE, ARG_COPY_ROOT_PASSWORD, ARG_SETUP_MACHINE_ID, }; static const struct option options[] = { { "help", no_argument, NULL, 'h' }, { "version", no_argument, NULL, ARG_VERSION }, { "root", required_argument, NULL, ARG_ROOT }, { "locale", required_argument, NULL, ARG_LOCALE }, { "locale-messages", required_argument, NULL, ARG_LOCALE_MESSAGES }, { "timezone", required_argument, NULL, ARG_TIMEZONE }, { "hostname", required_argument, NULL, ARG_HOSTNAME }, { "machine-id", required_argument, NULL, ARG_MACHINE_ID }, { "root-password", required_argument, NULL, ARG_ROOT_PASSWORD }, { "root-password-file", required_argument, NULL, ARG_ROOT_PASSWORD_FILE }, { "prompt", no_argument, NULL, ARG_PROMPT }, { "prompt-locale", no_argument, NULL, ARG_PROMPT_LOCALE }, { "prompt-timezone", no_argument, NULL, ARG_PROMPT_TIMEZONE }, { "prompt-hostname", no_argument, NULL, ARG_PROMPT_HOSTNAME }, { "prompt-root-password", no_argument, NULL, ARG_PROMPT_ROOT_PASSWORD }, { "copy", no_argument, NULL, ARG_COPY }, { "copy-locale", no_argument, NULL, ARG_COPY_LOCALE }, { "copy-timezone", no_argument, NULL, ARG_COPY_TIMEZONE }, { "copy-root-password", no_argument, NULL, ARG_COPY_ROOT_PASSWORD }, { "setup-machine-id", no_argument, NULL, ARG_SETUP_MACHINE_ID }, {} }; int r, c; assert(argc >= 0); assert(argv); while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) switch (c) { case 'h': help(); return 0; case ARG_VERSION: return version(); case ARG_ROOT: free(arg_root); arg_root = path_make_absolute_cwd(optarg); if (!arg_root) return log_oom(); path_kill_slashes(arg_root); if (path_equal(arg_root, "/")) arg_root = mfree(arg_root); break; case ARG_LOCALE: if (!locale_is_valid(optarg)) { log_error("Locale %s is not valid.", optarg); return -EINVAL; } r = free_and_strdup(&arg_locale, optarg); if (r < 0) return log_oom(); break; case ARG_LOCALE_MESSAGES: if (!locale_is_valid(optarg)) { log_error("Locale %s is not valid.", optarg); return -EINVAL; } r = free_and_strdup(&arg_locale_messages, optarg); if (r < 0) return log_oom(); break; case ARG_TIMEZONE: if (!timezone_is_valid(optarg)) { log_error("Timezone %s is not valid.", optarg); return -EINVAL; } r = free_and_strdup(&arg_timezone, optarg); if (r < 0) return log_oom(); break; case ARG_ROOT_PASSWORD: r = free_and_strdup(&arg_root_password, optarg); if (r < 0) return log_oom(); break; case ARG_ROOT_PASSWORD_FILE: arg_root_password = mfree(arg_root_password); r = read_one_line_file(optarg, &arg_root_password); if (r < 0) return log_error_errno(r, "Failed to read %s: %m", optarg); break; case ARG_HOSTNAME: if (!hostname_is_valid(optarg, true)) { log_error("Host name %s is not valid.", optarg); return -EINVAL; } hostname_cleanup(optarg); r = free_and_strdup(&arg_hostname, optarg); if (r < 0) return log_oom(); break; case ARG_MACHINE_ID: if (sd_id128_from_string(optarg, &arg_machine_id) < 0) { log_error("Failed to parse machine id %s.", optarg); return -EINVAL; } break; case ARG_PROMPT: arg_prompt_locale = arg_prompt_timezone = arg_prompt_hostname = arg_prompt_root_password = true; break; case ARG_PROMPT_LOCALE: arg_prompt_locale = true; break; case ARG_PROMPT_TIMEZONE: arg_prompt_timezone = true; break; case ARG_PROMPT_HOSTNAME: arg_prompt_hostname = true; break; case ARG_PROMPT_ROOT_PASSWORD: arg_prompt_root_password = true; break; case ARG_COPY: arg_copy_locale = arg_copy_timezone = arg_copy_root_password = true; break; case ARG_COPY_LOCALE: arg_copy_locale = true; break; case ARG_COPY_TIMEZONE: arg_copy_timezone = true; break; case ARG_COPY_ROOT_PASSWORD: arg_copy_root_password = true; break; case ARG_SETUP_MACHINE_ID: r = sd_id128_randomize(&arg_machine_id); if (r < 0) return log_error_errno(r, "Failed to generate randomized machine ID: %m"); break; case '?': return -EINVAL; default: assert_not_reached("Unhandled option"); } return 1; }
int mac_selinux_bind(int fd, const struct sockaddr *addr, socklen_t addrlen) { /* Binds a socket and label its file system object according to the SELinux policy */ #ifdef HAVE_SELINUX _cleanup_freecon_ char *fcon = NULL; const struct sockaddr_un *un; bool context_changed = false; char *path; int r; assert(fd >= 0); assert(addr); assert(addrlen >= sizeof(sa_family_t)); if (!label_hnd) goto skipped; /* Filter out non-local sockets */ if (addr->sa_family != AF_UNIX) goto skipped; /* Filter out anonymous sockets */ if (addrlen < offsetof(struct sockaddr_un, sun_path) + 1) goto skipped; /* Filter out abstract namespace sockets */ un = (const struct sockaddr_un*) addr; if (un->sun_path[0] == 0) goto skipped; path = strndupa(un->sun_path, addrlen - offsetof(struct sockaddr_un, sun_path)); if (path_is_absolute(path)) r = selabel_lookup_raw(label_hnd, &fcon, path, S_IFSOCK); else { _cleanup_free_ char *newpath = NULL; r = path_make_absolute_cwd(path, &newpath); if (r < 0) return r; r = selabel_lookup_raw(label_hnd, &fcon, newpath, S_IFSOCK); } if (r < 0) { /* No context specified by the policy? Proceed without setting it */ if (errno == ENOENT) goto skipped; log_enforcing("Failed to determine SELinux security context for %s: %m", path); if (security_getenforce() > 0) return -errno; } else { if (setfscreatecon_raw(fcon) < 0) { log_enforcing("Failed to set SELinux security context %s for %s: %m", fcon, path); if (security_getenforce() > 0) return -errno; } else context_changed = true; } r = bind(fd, addr, addrlen) < 0 ? -errno : 0; if (context_changed) setfscreatecon_raw(NULL); return r; skipped: #endif if (bind(fd, addr, addrlen) < 0) return -errno; return 0; }