Merge pull request #14813 from keszybz/renames-and-null-printf

Rename follow-up and gcc warning fix
Yu Watanabe 2020-02-07 13:21:17 +09:00 committed by GitHub
commit 1e5e89d76d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 72 additions and 55 deletions


@ -28,10 +28,7 @@
#include "time-util.h"
#if HAVE_SELINUX
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, freecon);
DEFINE_TRIVIAL_CLEANUP_FUNC(context_t, context_free);
#define _cleanup_freecon_ _cleanup_(freeconp)
#define _cleanup_context_free_ _cleanup_(context_freep)
static int cached_use = -1;


@ -8,6 +8,13 @@
#include "macro.h"
#include "label.h"
#if HAVE_SELINUX
#include <selinux/selinux.h>
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, freecon);
#define _cleanup_freecon_ _cleanup_(freeconp)
#endif
bool mac_selinux_use(void);
void mac_selinux_retest(void);


@ -181,11 +181,11 @@ int mac_selinux_generic_access_check(
sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
const char *tclass = NULL, *scon = NULL;
struct audit_info audit_info = {};
const char *tclass, *scon;
_cleanup_free_ char *cl = NULL;
char *fcon = NULL;
_cleanup_freecon_ char *fcon = NULL;
char **cmdline = NULL;
bool enforce = false; /* Will be set to the real value later if needed */
int r = 0;
assert(message);
@ -204,7 +204,7 @@ int mac_selinux_generic_access_check(
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
&creds);
if (r < 0)
goto finish;
return r;
/* The SELinux context is something we really should have
* gotten directly from the message or sender, and not be an
@ -216,25 +216,39 @@ int mac_selinux_generic_access_check(
r = sd_bus_creds_get_selinux_context(creds, &scon);
if (r < 0)
goto finish;
return r;
if (path) {
/* Get the file context of the unit file */
r = getfilecon_raw(path, &fcon);
if (r < 0) {
log_warning_errno(errno, "SELinux getfilecon_raw on '%s' failed (tclass=%s perm=%s): %m", path, tclass, permission);
r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get file context on %s.", path);
goto finish;
if (getfilecon_raw(path, &fcon) < 0) {
r = -errno;
enforce = security_getenforce() > 0;
log_warning_errno(r, "SELinux getfilecon_raw on '%s' failed%s (perm=%s): %m",
path,
enforce ? "" : ", ignoring",
permission);
if (!enforce)
return 0;
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get file context on %s.", path);
}
tclass = "service";
} else {
r = getcon_raw(&fcon);
if (r < 0) {
log_warning_errno(errno, "SELinux getcon_raw failed (tclass=%s perm=%s): %m", tclass, permission);
r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
goto finish;
if (getcon_raw(&fcon) < 0) {
r = -errno;
enforce = security_getenforce() > 0;
log_warning_errno(r, "SELinux getcon_raw failed%s (perm=%s): %m",
enforce ? "" : ", ignoring",
permission);
if (!enforce)
return 0;
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Failed to get current context.");
}
tclass = "system";
@ -243,25 +257,24 @@ int mac_selinux_generic_access_check(
sd_bus_creds_get_cmdline(creds, &cmdline);
cl = strv_join(cmdline, " ");
audit_info.creds = creds;
audit_info.path = path;
audit_info.cmdline = cl;
struct audit_info audit_info = {
.creds = creds,
.path = path,
.cmdline = cl,
};
r = selinux_check_access(scon, fcon, tclass, permission, &audit_info);
if (r < 0)
r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
if (r < 0) {
r = errno_or_else(EPERM);
enforce = security_getenforce() > 0;
log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r);
finish:
freecon(fcon);
if (r < 0 && security_getenforce() != 1) {
sd_bus_error_free(error);
r = 0;
if (enforce)
sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
}
return r;
log_debug_errno(r, "SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %m",
scon, fcon, tclass, permission, path, cl);
return enforce ? r : 0;
}
#else
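Review bot: All three `enforce = security_getenforce() > 0;` assignments (the getfilecon_raw and getcon_raw failure paths and the selinux_check_access failure path) treat a failed security_getenforce() as permissive, so the access check fails open and returns 0. libselinux documents -1 as the error return of security_getenforce(), so on an enforcing system a failure to read the enforcing state would turn a denial into an allow. Consider `enforce = security_getenforce() != 0;` so that an unknown state is handled as enforcing, with a one-line comment stating that choice. Separately, the final `log_debug_errno()` passes `path` and `cl` to `%s`, although `path` is NULL whenever the getcon_raw branch is taken and `cl` is NULL if strv_join() fails. The function's signature and the start of its body are outside the visible hunks.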


@ -258,15 +258,15 @@ ControlledDelay.IntervalSec, config_parse_controlled_delay_usec,
ControlledDelay.CEThresholdSec, config_parse_controlled_delay_usec, QDISC_KIND_CODEL, 0
ControlledDelay.ECN, config_parse_controlled_delay_bool, QDISC_KIND_CODEL, 0
FairQueueing.Parent, config_parse_qdisc_parent, QDISC_KIND_FQ, 0
FairQueueing.PacketLimit, config_parse_fair_queue_traffic_policing_u32, QDISC_KIND_FQ, 0
FairQueueing.FlowLimit, config_parse_fair_queue_traffic_policing_u32, QDISC_KIND_FQ, 0
FairQueueing.Quantum, config_parse_fair_queue_traffic_policing_size, QDISC_KIND_FQ, 0
FairQueueing.InitialQuantum, config_parse_fair_queue_traffic_policing_size, QDISC_KIND_FQ, 0
FairQueueing.MaximumRate, config_parse_fair_queue_traffic_policing_max_rate, QDISC_KIND_FQ, 0
FairQueueing.Buckets, config_parse_fair_queue_traffic_policing_u32, QDISC_KIND_FQ, 0
FairQueueing.OrphanMask, config_parse_fair_queue_traffic_policing_u32, QDISC_KIND_FQ, 0
FairQueueing.Pacing, config_parse_fair_queue_traffic_policing_bool, QDISC_KIND_FQ, 0
FairQueueing.CEThresholdSec, config_parse_fair_queue_traffic_policing_usec, QDISC_KIND_FQ, 0
FairQueueing.PacketLimit, config_parse_fair_queueing_u32, QDISC_KIND_FQ, 0
FairQueueing.FlowLimit, config_parse_fair_queueing_u32, QDISC_KIND_FQ, 0
FairQueueing.Quantum, config_parse_fair_queueing_size, QDISC_KIND_FQ, 0
FairQueueing.InitialQuantum, config_parse_fair_queueing_size, QDISC_KIND_FQ, 0
FairQueueing.MaximumRate, config_parse_fair_queueing_max_rate, QDISC_KIND_FQ, 0
FairQueueing.Buckets, config_parse_fair_queueing_u32, QDISC_KIND_FQ, 0
FairQueueing.OrphanMask, config_parse_fair_queueing_u32, QDISC_KIND_FQ, 0
FairQueueing.Pacing, config_parse_fair_queueing_bool, QDISC_KIND_FQ, 0
FairQueueing.CEThresholdSec, config_parse_fair_queueing_usec, QDISC_KIND_FQ, 0
FairQueueingControlledDelay.Parent, config_parse_qdisc_parent, QDISC_KIND_FQ_CODEL, 0
FairQueueingControlledDelay.PacketLimit, config_parse_fair_queueing_controlled_delay_u32, QDISC_KIND_FQ_CODEL, 0
FairQueueingControlledDelay.MemoryLimit, config_parse_fair_queueing_controlled_delay_size, QDISC_KIND_FQ_CODEL, 0


@ -11,7 +11,7 @@
#include "string-util.h"
#include "util.h"
static int fair_queue_traffic_policing_init(QDisc *qdisc) {
static int fair_queueing_init(QDisc *qdisc) {
FairQueueing *fq;
assert(qdisc);
@ -24,7 +24,7 @@ static int fair_queue_traffic_policing_init(QDisc *qdisc) {
return 0;
}
static int fair_queue_traffic_policing_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req) {
static int fair_queueing_fill_message(Link *link, QDisc *qdisc, sd_netlink_message *req) {
FairQueueing *fq;
int r;
@ -102,7 +102,7 @@ static int fair_queue_traffic_policing_fill_message(Link *link, QDisc *qdisc, sd
return 0;
}
int config_parse_fair_queue_traffic_policing_u32(
int config_parse_fair_queueing_u32(
const char *unit,
const char *filename,
unsigned line,
@ -165,7 +165,7 @@ int config_parse_fair_queue_traffic_policing_u32(
return 0;
}
int config_parse_fair_queue_traffic_policing_size(
int config_parse_fair_queueing_size(
const char *unit,
const char *filename,
unsigned line,
@ -232,7 +232,7 @@ int config_parse_fair_queue_traffic_policing_size(
return 0;
}
int config_parse_fair_queue_traffic_policing_bool(
int config_parse_fair_queueing_bool(
const char *unit,
const char *filename,
unsigned line,
@ -284,7 +284,7 @@ int config_parse_fair_queue_traffic_policing_bool(
return 0;
}
int config_parse_fair_queue_traffic_policing_usec(
int config_parse_fair_queueing_usec(
const char *unit,
const char *filename,
unsigned line,
@ -343,7 +343,7 @@ int config_parse_fair_queue_traffic_policing_usec(
return 0;
}
int config_parse_fair_queue_traffic_policing_max_rate(
int config_parse_fair_queueing_max_rate(
const char *unit,
const char *filename,
unsigned line,
@ -403,8 +403,8 @@ int config_parse_fair_queue_traffic_policing_max_rate(
}
const QDiscVTable fq_vtable = {
.init = fair_queue_traffic_policing_init,
.init = fair_queueing_init,
.object_size = sizeof(FairQueueing),
.tca_kind = "fq",
.fill_message = fair_queue_traffic_policing_fill_message,
.fill_message = fair_queueing_fill_message,
};


@ -22,8 +22,8 @@ typedef struct FairQueueing {
DEFINE_QDISC_CAST(FQ, FairQueueing);
extern const QDiscVTable fq_vtable;
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queue_traffic_policing_u32);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queue_traffic_policing_size);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queue_traffic_policing_bool);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queue_traffic_policing_usec);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queue_traffic_policing_max_rate);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queueing_u32);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queueing_size);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queueing_bool);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queueing_usec);
CONFIG_PARSER_PROTOTYPE(config_parse_fair_queueing_max_rate);