Make failures of mac_selinux_init() fatal
parent
a11bfc17dc
commit
a9ba0e328f
|
@ -122,7 +122,7 @@ int mac_selinux_init(void) {
|
||||||
|
|
||||||
label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
||||||
if (!label_hnd)
|
if (!label_hnd)
|
||||||
return log_enforcing_errno(errno, "Failed to initialize SELinux context: %m");
|
return log_enforcing_errno(errno, "Failed to initialize SELinux labeling handle: %m");
|
||||||
|
|
||||||
after_timestamp = now(CLOCK_MONOTONIC);
|
after_timestamp = now(CLOCK_MONOTONIC);
|
||||||
after_mallinfo = mallinfo();
|
after_mallinfo = mallinfo();
|
||||||
|
|
|
@ -2559,7 +2559,7 @@ int main(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mac_selinux_init() < 0) {
|
if (mac_selinux_init() < 0) {
|
||||||
error_message = "Failed to initialize SELinux policy";
|
error_message = "Failed to initialize SELinux support";
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -801,7 +801,10 @@ static int run(int argc, char *argv[]) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
umask(0022);
|
umask(0022);
|
||||||
mac_selinux_init();
|
|
||||||
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
||||||
|
|
||||||
|
|
|
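Review bot: The new `if (r < 0) return r;` after `r = mac_selinux_init();` makes run() exit on a labeling failure without any message of its own, so it relies on mac_selinux_init() having logged and on it returning a negative value only when SELinux is enforcing. The one failure path visible in this commit goes through `log_enforcing_errno()`, which presumably returns 0 in permissive mode; that should be confirmed, because otherwise a broken policy on a permissive host would now stop this program from starting. A short comment at the call would record the contract, e.g. `/* Logs on its own; fails only if SELinux is enforcing */`. The same pattern is added in the hunks at -125, -788, -3262, -124 and -25, and run() starts and ends outside this hunk.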
@ -125,7 +125,9 @@ static int run(int argc, char *argv[]) {
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
return hwdb_main(argc, argv);
|
return hwdb_main(argc, argv);
|
||||||
}
|
}
|
||||||
|
|
|
@ -788,7 +788,10 @@ static int run(int argc, char *argv[]) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
umask(0022);
|
umask(0022);
|
||||||
mac_selinux_init();
|
|
||||||
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, SIGINT, -1) >= 0);
|
||||||
|
|
||||||
|
|
|
@ -1173,7 +1173,7 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Could not initialize labelling: %m");
|
return r;
|
||||||
|
|
||||||
/* Always create the directories people can create inotify watches in. Note that some applications might check
|
/* Always create the directories people can create inotify watches in. Note that some applications might check
|
||||||
* for the existence of /run/systemd/seats/ to determine whether logind is available, so please always make
|
* for the existence of /run/systemd/seats/ to determine whether logind is available, so please always make
|
||||||
|
|
|
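Review bot: Replacing `return log_error_errno(r, "Could not initialize labelling: %m");` with a bare `return r;` is only safe if every error return inside mac_selinux_init() logs. This commit shows one such path, the `selabel_open()` failure; the rest of the function is outside the visible hunk, so any path that returns a negative value without logging would now end the daemon with no diagnostic. Either confirm that, or keep a debug-level line here such as `return log_debug_errno(r, "mac_selinux_init() failed: %m");`. The hunks at -192, -40, -1898, -1863 and -49 drop their message the same way.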
@ -192,11 +192,11 @@ static int run(int argc, char *argv[]) {
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
"First argument must be either \"start\" or \"stop\".");
|
"First argument must be either \"start\" or \"stop\".");
|
||||||
|
|
||||||
|
umask(0022);
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Could not initialize labelling: %m\n");
|
return r;
|
||||||
|
|
||||||
umask(0022);
|
|
||||||
|
|
||||||
if (streq(argv[1], "start"))
|
if (streq(argv[1], "start"))
|
||||||
return do_mount(argv[2]);
|
return do_mount(argv[2]);
|
||||||
|
|
|
@ -40,7 +40,7 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "SELinux setup failed: %m");
|
return r;
|
||||||
|
|
||||||
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
|
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
|
||||||
* privileges are already dropped and we can't create our directory. */
|
* privileges are already dropped and we can't create our directory. */
|
||||||
|
|
|
@ -1898,7 +1898,7 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "SELinux setup failed: %m");
|
return r;
|
||||||
|
|
||||||
/* If command line arguments are specified along with --replace, read all
|
/* If command line arguments are specified along with --replace, read all
|
||||||
* configuration files and insert the positional arguments at the specified
|
* configuration files and insert the positional arguments at the specified
|
||||||
|
|
|
@ -377,7 +377,10 @@ static int context_write_data_local_rtc(Context *c) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
return write_string_file_atomic_label("/etc/adjtime", w);
|
return write_string_file_atomic_label("/etc/adjtime", w);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
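Review bot: The call site in context_write_data_local_rtc() has no comment explaining why a labeling failure now aborts the write of `/etc/adjtime`. Presumably the reason is that `write_string_file_atomic_label()` needs the labeling handle to give the replaced file its proper SELinux context, and refusing to write is preferable to leaving a mislabelled file in /etc; a comment such as `/* Refuse to write /etc/adjtime if it cannot be labelled correctly */` above `r = mac_selinux_init();` would say so. It is also worth confirming that mac_selinux_init() is cheap to call repeatedly, since here it runs on every write rather than once at startup; the function body starts outside the hunk.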
@ -3262,7 +3262,9 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
umask(0022);
|
umask(0022);
|
||||||
|
|
||||||
mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
items = ordered_hashmap_new(&item_array_hash_ops);
|
items = ordered_hashmap_new(&item_array_hash_ops);
|
||||||
globs = ordered_hashmap_new(&item_array_hash_ops);
|
globs = ordered_hashmap_new(&item_array_hash_ops);
|
||||||
|
|
|
@ -124,7 +124,10 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
log_set_max_level_realm(LOG_REALM_SYSTEMD, log_get_max_level());
|
log_set_max_level_realm(LOG_REALM_SYSTEMD, log_get_max_level());
|
||||||
|
|
||||||
mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
return udevadm_main(argc, argv);
|
return udevadm_main(argc, argv);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1863,7 +1863,7 @@ int run_udevd(int argc, char *argv[]) {
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Could not initialize labelling: %m");
|
return r;
|
||||||
|
|
||||||
r = mkdir_errno_wrapper("/run/udev", 0755);
|
r = mkdir_errno_wrapper("/run/udev", 0755);
|
||||||
if (r < 0 && r != -EEXIST)
|
if (r < 0 && r != -EEXIST)
|
||||||
|
|
|
@ -49,10 +49,8 @@ int main(int argc, char *argv[]) {
|
||||||
}
|
}
|
||||||
|
|
||||||
r = mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
if (r < 0) {
|
if (r < 0)
|
||||||
log_error_errno(r, "SELinux setup failed: %m");
|
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
|
||||||
|
|
||||||
r = apply_timestamp("/etc/.updated", &st.st_mtim);
|
r = apply_timestamp("/etc/.updated", &st.st_mtim);
|
||||||
q = apply_timestamp("/var/.updated", &st.st_mtim);
|
q = apply_timestamp("/var/.updated", &st.st_mtim);
|
||||||
|
|
|
@ -25,7 +25,9 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
umask(0022);
|
umask(0022);
|
||||||
|
|
||||||
mac_selinux_init();
|
r = mac_selinux_init();
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
if (streq(argv[1], "start")) {
|
if (streq(argv[1], "start")) {
|
||||||
r = unlink_or_warn("/run/nologin");
|
r = unlink_or_warn("/run/nologin");
|
||||||
|
|