mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
Make it possible to disable smack separately from xattr support
Additionally, compile out rule loading if feature is disabled.
This commit is contained in:
parent
264ad849a4
commit
2b3e18de74
26
configure.ac
26
configure.ac
@ -444,6 +444,31 @@ fi
|
||||
AC_SUBST(XATTR_LIBS)
|
||||
AM_CONDITIONAL([HAVE_XATTR], [test "x$have_xattr" != xno])
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[Disable optional SMACK support]),
|
||||
[case "${enableval}" in
|
||||
yes) have_smack=yes ;;
|
||||
no) have_smack=no ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --disable-smack) ;;
|
||||
esac],
|
||||
[have_smack=auto])
|
||||
|
||||
if test "x${have_xattr}" = xno; then
|
||||
if test "x${have_smack}" = xyes; then
|
||||
AC_MSG_ERROR(SMACK requires xattr support)
|
||||
else
|
||||
have_smack=no
|
||||
fi
|
||||
else
|
||||
if test "x${have_smack}" = xauto; then
|
||||
have_smack=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "x${have_smack}" = xyes ; then
|
||||
AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
AC_ARG_ENABLE([gcrypt],
|
||||
AS_HELP_STRING([--disable-gcrypt],[Disable optional GCRYPT support]),
|
||||
@ -915,6 +940,7 @@ AC_MSG_RESULT([
|
||||
AUDIT: ${have_audit}
|
||||
IMA: ${have_ima}
|
||||
SELinux: ${have_selinux}
|
||||
SMACK: ${have_smack}
|
||||
XZ: ${have_xz}
|
||||
ACL: ${have_acl}
|
||||
XATTR: ${have_xattr}
|
||||
|
@ -42,6 +42,8 @@
|
||||
#define SMACK_CONFIG "/etc/smack/accesses.d/"
|
||||
#define CIPSO_CONFIG "/etc/smack/cipso/"
|
||||
|
||||
#ifdef HAVE_SMACK
|
||||
|
||||
static int write_rules(const char* dstpath, const char* srcdir) {
|
||||
_cleanup_fclose_ FILE *dst = NULL;
|
||||
_cleanup_closedir_ DIR *dir = NULL;
|
||||
@ -111,8 +113,12 @@ static int write_rules(const char* dstpath, const char* srcdir) {
|
||||
return r;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int smack_setup(void) {
|
||||
|
||||
#ifdef HAVE_SMACK
|
||||
|
||||
int r;
|
||||
|
||||
r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
|
||||
@ -148,4 +154,8 @@ int smack_setup(void) {
|
||||
strerror(abs(r)));
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -788,7 +788,7 @@ static void socket_apply_socket_options(Socket *s, int fd) {
|
||||
if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
|
||||
log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
|
||||
|
||||
#ifdef HAVE_XATTR
|
||||
#ifdef HAVE_SMACK
|
||||
if (s->smack_ip_in)
|
||||
if (fsetxattr(fd, "security.SMACK64IPIN", s->smack_ip_in, strlen(s->smack_ip_in), 0) < 0)
|
||||
log_error_unit(UNIT(s)->id,
|
||||
@ -810,7 +810,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
|
||||
log_warning_unit(UNIT(s)->id,
|
||||
"F_SETPIPE_SZ: %m");
|
||||
|
||||
#ifdef HAVE_XATTR
|
||||
#ifdef HAVE_SMACK
|
||||
if (s->smack)
|
||||
if (fsetxattr(fd, "security.SMACK64", s->smack, strlen(s->smack), 0) < 0)
|
||||
log_error_unit(UNIT(s)->id,
|
||||
|
Loading…
Reference in New Issue
Block a user