From 05f05a06cd1d72b4bfcbf565d12ea3107187f66d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 14:48:52 +0100 Subject: [PATCH 1/9] mkdir: tighten permission check Let's complain about any bit that is set in the existing inode but no in the mask we are supposed to use. --- src/basic/mkdir.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 41638f7a81c..4a0c48b8afe 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -56,9 +56,8 @@ int mkdir_safe_internal( if (!S_ISDIR(st.st_mode)) return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(ENOTDIR), "Path \"%s\" already exists and is not a directory, refusing.", path); - if ((st.st_mode & 0007) > (mode & 0007) || - (st.st_mode & 0070) > (mode & 0070) || - (st.st_mode & 0700) > (mode & 0700)) + + if ((st.st_mode & ~mode & 0777) != 0) return log_full_errno(flags & MKDIR_WARN_MODE ? LOG_WARNING : LOG_DEBUG, SYNTHETIC_ERRNO(EEXIST), "Directory \"%s\" already exists, but has mode %04o that is too permissive (%04o was requested), refusing.", path, st.st_mode & 0777, mode); From c7e715096f04fcb1b88e844b7eed52f3e41b9f8b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 14:49:34 +0100 Subject: [PATCH 2/9] mkdir: make sure mode is set --- src/basic/mkdir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 4a0c48b8afe..7aaaae0f0d7 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -27,6 +27,7 @@ int mkdir_safe_internal( int r; assert(path); + assert(mode != MODE_INVALID); assert(_mkdir && _mkdir != mkdir); if (_mkdir(path, mode) >= 0) { From 1e146d738232acbe7f72903e9c5e4d1166ea67f5 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 14:49:49 +0100 Subject: [PATCH 3/9] mkdir: use chase_symlinks_and_stat() where appropriate --- src/basic/mkdir.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
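Review bot: The tightened test in mkdir_safe_internal() masks with 0777, so setuid, setgid and sticky bits that are set on the existing directory but absent from `mode` still pass, although the commit message speaks of "any bit". If that is deliberate (a setgid bit can, for instance, be inherited from the parent directory), it deserves a comment above the check, such as `/* Only the rwx bits are compared; setuid/setgid/sticky on the existing inode are intentionally not checked here. */`. The refusal message also prints `st.st_mode & 0777` next to an unmasked `mode`; printing `mode & 0777` would keep the two numbers comparable. The function body continues outside the hunk.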
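Review bot: The added `assert(mode != MODE_INVALID);` is the only guard mkdir_safe_internal() has against an invalid mode, and it offers nothing if assert() is compiled out in release builds (not visible here). Assuming MODE_INVALID is an all-ones value, `~mode` becomes zero in the permission test `(st.st_mode & ~mode & 0777) != 0`, so every existing directory would be accepted as not too permissive. Because this is a security check, a runtime guard is the safer form: `if (mode == MODE_INVALID) return -EINVAL;`. The rest of the function lies outside the hunk.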
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 7aaaae0f0d7..431f5d23066 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -42,16 +42,13 @@ int mkdir_safe_internal( if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) { _cleanup_free_ char *p = NULL; - r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p, NULL); + r = chase_symlinks_and_stat(path, NULL, CHASE_NONEXISTENT, &p, &st, NULL); if (r < 0) return r; if (r == 0) return mkdir_safe_internal(p, mode, uid, gid, flags & ~MKDIR_FOLLOW_SYMLINK, _mkdir); - - if (lstat(p, &st) < 0) - return -errno; } if (!S_ISDIR(st.st_mode)) From d1cd465e21eb3fd100819378e906483dded1ce71 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 15:12:23 +0100 Subject: [PATCH 4/9] smack make mac_smack_fix_at() useful when called with dir_fd=AT_FDCWD --- src/shared/smack-util.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c index d7fbbdc913a..b8434b068ca 100644 --- a/src/shared/smack-util.c +++ b/src/shared/smack-util.c @@ -176,7 +176,7 @@ static int smack_fix_fd(int fd, const char *abspath, LabelFixFlags flags) { return 0; } -int mac_smack_fix_at(int dirfd, const char *path, LabelFixFlags flags) { +int mac_smack_fix_at(int dir_fd, const char *path, LabelFixFlags flags) { _cleanup_free_ char *p = NULL; _cleanup_close_ int fd = -1; int r; @@ -186,7 +186,14 @@ int mac_smack_fix_at(int dirfd, const char *path, LabelFixFlags flags) { if (!mac_smack_use()) return 0; - fd = openat(dirfd, path, O_NOFOLLOW|O_CLOEXEC|O_PATH); + if (dir_fd < 0) { + if (dir_fd != AT_FDCWD) + return -EBADF; + + return mac_smack_fix(path, flags); + } + + fd = openat(dir_fd, path, O_NOFOLLOW|O_CLOEXEC|O_PATH); if (fd < 0) { if ((flags & LABEL_IGNORE_ENOENT) && errno == ENOENT) return 0; From fc0f4d602429d5080df86af68e9aafa593572962 Mon Sep 17 00:00:00 2001 
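Review bot: In mac_smack_fix_at() the new `dir_fd` validation sits after `if (!mac_smack_use()) return 0;`, so an invalid negative descriptor yields -EBADF only where Smack is in use and 0 everywhere else. Validating first makes the result independent of the running system: put `if (dir_fd < 0 && dir_fd != AT_FDCWD) return -EBADF;` ahead of the mac_smack_use() test and keep only the `dir_fd == AT_FDCWD` delegation to mac_smack_fix() below it. The AT_FDCWD branch also hands `path` to mac_smack_fix() unchanged; whether that function accepts a relative path is not visible here and is worth confirming. The function continues past the end of the hunk.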
From: Lennart Poettering Date: Fri, 12 Nov 2021 15:13:37 +0100 Subject: [PATCH 5/9] selinux: make mac_selinux_create_file_prepare() at wrapper around _at() Let's make sure mac_selinux_create_file_prepare_at() works fine with AT_FDCWD, and then make mac_selinux_create_file_prepare() just a inline wrapper around it. --- src/shared/selinux-util.c | 38 +++++++++++--------------------------- src/shared/selinux-util.h | 5 ++++- 2 files changed, 15 insertions(+), 28 deletions(-) diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c index 5745fe09a25..a1359a5bfd3 100644 --- a/src/shared/selinux-util.c +++ b/src/shared/selinux-util.c @@ -497,25 +497,30 @@ static int selinux_create_file_prepare_abspath(const char *abspath, mode_t mode) } #endif -int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode) { +int mac_selinux_create_file_prepare_at( + int dir_fd, + const char *path, + mode_t mode) { + #if HAVE_SELINUX _cleanup_free_ char *abspath = NULL; int r; - assert(path); + if (dir_fd < 0 && dir_fd != AT_FDCWD) + return -EBADF; if (!label_hnd) return 0; - if (!path_is_absolute(path)) { - if (dirfd == AT_FDCWD) + if (isempty(path) || !path_is_absolute(path)) { + if (dir_fd == AT_FDCWD) r = safe_getcwd(&abspath); else - r = fd_get_path(dirfd, &abspath); + r = fd_get_path(dir_fd, &abspath); if (r < 0) return r; - if (!path_extend(&abspath, path)) + if (!isempty(path) && !path_extend(&abspath, path)) return -ENOMEM; path = abspath; 
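Review bot: mac_selinux_create_file_prepare_at() changes its contract here without saying so: `assert(path)` is gone and a NULL or empty `path` now selects the directory behind `dir_fd` itself, or the current working directory for AT_FDCWD. A short comment above the `isempty(path)` branch would record that, for example `/* An empty or NULL path refers to dir_fd itself; for AT_FDCWD that is the current working directory. */`. The `-EBADF` check also lives inside `#if HAVE_SELINUX`, so a build without SELinux accepts any descriptor; if that asymmetry is intended it belongs in the same comment. The tail of the function is outside the hunk.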
@@ -527,27 +532,6 @@ int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode) #endif } -int mac_selinux_create_file_prepare(const char *path, mode_t mode) { -#if HAVE_SELINUX - int r; - - _cleanup_free_ char *abspath = NULL; - - assert(path); - - if (!label_hnd) - return 0; - - r = path_make_absolute_cwd(path, &abspath); - if (r < 0) - return r; - - return selinux_create_file_prepare_abspath(abspath, mode); -#else - return 0; -#endif -} - int mac_selinux_create_file_prepare_label(const char *path, const char *label) { #if HAVE_SELINUX diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h index 4147a3ad506..a9ddbfc6536 100644 --- a/src/shared/selinux-util.h +++ b/src/shared/selinux-util.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once +#include #include #include #include @@ -41,8 +42,10 @@ int mac_selinux_get_our_label(char **label); int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label); char* mac_selinux_free(char *label); -int mac_selinux_create_file_prepare(const char *path, mode_t mode); int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode); +static inline int mac_selinux_create_file_prepare(const char *path, mode_t mode) { + return mac_selinux_create_file_prepare_at(AT_FDCWD, path, mode); +} int mac_selinux_create_file_prepare_label(const char *path, const char *label); void mac_selinux_create_file_clear(void); From 3bb5ecaa88499a9ddab6afd61398b17393173e8d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 15:14:52 +0100 Subject: [PATCH 6/9] mkdir-label: make mkdir_label() a wrapper around mkdirat_label() --- src/shared/label.h | 7 ++++++- src/shared/mkdir-label.c | 17 ----------------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/src/shared/label.h b/src/shared/label.h index b5118d96d32..b198e140d04 100644 --- a/src/shared/label.h +++ b/src/shared/label.h 
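Review bot: The inline mac_selinux_create_file_prepare() added to selinux-util.h loses the `assert(path);` that the removed out-of-line version had, while the _at() variant it forwards to now treats a NULL or empty path as the current working directory for AT_FDCWD. A caller that passes NULL by mistake would therefore prepare a label for the working directory instead of tripping an assertion. If the project's assert macro is usable in this header, keeping `assert(path);` as the first statement of the wrapper preserves the old behaviour. The prototype just above it still names the first parameter `dirfd` although the definition was renamed to `dir_fd`.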
@@ -1,6 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once +#include #include #include @@ -14,8 +15,12 @@ static inline int label_fix(const char *path, LabelFixFlags flags) { return label_fix_container(path, path, flags); } -int mkdir_label(const char *path, mode_t mode); int mkdirat_label(int dirfd, const char *path, mode_t mode); + +static inline int mkdir_label(const char *path, mode_t mode) { + return mkdirat_label(AT_FDCWD, path, mode); +} + int symlink_label(const char *old_path, const char *new_path); int symlink_atomic_label(const char *from, const char *to); int mknod_label(const char *pathname, mode_t mode, dev_t dev); diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c index 9565117b925..9e2f8635351 100644 --- a/src/shared/mkdir-label.c +++ b/src/shared/mkdir-label.c @@ -12,23 +12,6 @@ #include "smack-util.h" #include "user-util.h" -int mkdir_label(const char *path, mode_t mode) { - int r; - - assert(path); - - r = mac_selinux_create_file_prepare(path, S_IFDIR); - if (r < 0) - return r; - - r = mkdir_errno_wrapper(path, mode); - mac_selinux_create_file_clear(); - if (r < 0) - return r; - - return mac_smack_fix(path, 0); -} - int mkdirat_label(int dirfd, const char *path, mode_t mode) { int r; From 3f692e2ece5fce59b51ec7ec7c77d0ce2d47ee55 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 12 Nov 2021 15:16:19 +0100 Subject: [PATCH 7/9] tree-wide: don't use mkdir_errno_wrapper() without reason Simple mkdir() is fine, too, no need to use the wrapper --- src/nspawn/nspawn.c | 6 +++--- src/shared/cgroup-setup.c | 2 +- src/udev/udevd.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 8098d37962f..e23d042b577 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c 
@@ -1887,7 +1887,7 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid int r; q = prefix_roota(root, path); - r = mkdir_errno_wrapper(q, mode); + r = RET_NERRNO(mkdir(q, mode)); if (r == -EEXIST) return 0; if (r < 0) @@ -2341,7 +2341,7 @@ static int setup_pts(const char *dest) { /* Mount /dev/pts itself */ p = prefix_roota(dest, "/dev/pts"); - r = mkdir_errno_wrapper(p, 0755); + r = RET_NERRNO(mkdir(p, 0755)); if (r < 0) return log_error_errno(r, "Failed to create /dev/pts: %m"); @@ -2666,7 +2666,7 @@ static int setup_journal(const char *directory) { /* don't create parents here — if the host doesn't have * permanent journal set up, don't force it here */ - r = mkdir_errno_wrapper(p, 0755); + r = RET_NERRNO(mkdir(p, 0755)); if (r < 0 && r != -EEXIST) { if (try) { log_debug_errno(r, "Failed to create %s, skipping journal setup: %m", p); diff --git a/src/shared/cgroup-setup.c b/src/shared/cgroup-setup.c index 2221fd07c28..8bda66ca36a 100644 --- a/src/shared/cgroup-setup.c +++ b/src/shared/cgroup-setup.c @@ -292,7 +292,7 @@ int cg_create(const char *controller, const char *path) { if (r < 0) return r; - r = mkdir_errno_wrapper(fs, 0755); + r = RET_NERRNO(mkdir(fs, 0755)); if (r == -EEXIST) return 0; if (r < 0) diff --git a/src/udev/udevd.c b/src/udev/udevd.c index beec6e62e7b..d37652db670 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -1933,7 +1933,7 @@ int run_udevd(int argc, char *argv[]) { if (r < 0) return r; - r = mkdir_errno_wrapper("/run/udev", 0755); + r = RET_NERRNO(mkdir("/run/udev", 0755)); if (r < 0 && r != -EEXIST) return log_error_errno(r, "Failed to create /run/udev: %m"); From ed304a5d73389023a542841faeb277ccca798549 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Fri, 12 Nov 2021 15:18:06 +0100 Subject: [PATCH 8/9] mkdir: drop mkdir_errno_wrapper(), use mkdirat_errno_wrapper() instead Let's reduce our code duplication, and let's focus on using xyzat() style APIs more, hence drop mkdir_errno_wrapper() and stick to mkdirar_errno_wrapper() wherever we can, it's a true superset of functionality after all. --- src/basic/mkdir.c | 38 +++++++++++++++++--------------------- src/basic/mkdir.h | 9 ++++----- src/shared/mkdir-label.c | 6 +++--- 3 files changed, 24 insertions(+), 29 deletions(-) diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c index 431f5d23066..6e2b94d024e 100644 --- a/src/basic/mkdir.c +++ b/src/basic/mkdir.c @@ -21,16 +21,16 @@ int mkdir_safe_internal( mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, - mkdir_func_t _mkdir) { + mkdirat_func_t _mkdirat) { struct stat st; int r; assert(path); assert(mode != MODE_INVALID); - assert(_mkdir && _mkdir != mkdir); + assert(_mkdirat && _mkdirat != mkdirat); - if (_mkdir(path, mode) >= 0) { + if (_mkdirat(AT_FDCWD, path, mode) >= 0) { r = chmod_and_chown(path, mode, uid, gid); if (r < 0) return r; @@ -48,7 +48,7 @@ int mkdir_safe_internal( if (r == 0) return mkdir_safe_internal(p, mode, uid, gid, flags & ~MKDIR_FOLLOW_SYMLINK, - _mkdir); + _mkdirat); } if (!S_ISDIR(st.st_mode)) 
@@ -76,24 +76,20 @@ int mkdir_safe_internal( return 0; } -int mkdir_errno_wrapper(const char *pathname, mode_t mode) { - return RET_NERRNO(mkdir(pathname, mode)); -} - int mkdirat_errno_wrapper(int dirfd, const char *pathname, mode_t mode) { return RET_NERRNO(mkdirat(dirfd, pathname, mode)); } int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) { - return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_errno_wrapper); + return mkdir_safe_internal(path, mode, uid, gid, flags, mkdirat_errno_wrapper); } -int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir) { +int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdirat) { const char *p, *e = NULL; int r; assert(path); - assert(_mkdir != mkdir); + assert(_mkdirat != mkdirat); if (prefix) { p = path_startswith_full(path, prefix, /* accept_dot_dot= */ false); @@ -142,7 +138,7 @@ int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, ui s[n] = '\0'; if (!prefix || !path_startswith_full(prefix, path, /* accept_dot_dot= */ false)) { - r = mkdir_safe_internal(path, mode, uid, gid, flags, _mkdir); + r = mkdir_safe_internal(path, mode, uid, gid, flags, _mkdirat); if (r < 0 && r != -EEXIST) return r; } 
@@ -152,30 +148,30 @@ int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, ui } int mkdir_parents(const char *path, mode_t mode) { - return mkdir_parents_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdir_errno_wrapper); + return mkdir_parents_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_errno_wrapper); } int mkdir_parents_safe(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) { - return mkdir_parents_internal(prefix, path, mode, uid, gid, flags, mkdir_errno_wrapper); + return mkdir_parents_internal(prefix, path, mode, uid, gid, flags, mkdirat_errno_wrapper); } -int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir) { +int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdirat) { int r; /* Like mkdir -p */ - assert(_mkdir != mkdir); + assert(_mkdirat != mkdirat); - r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags, _mkdir); + r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags, _mkdirat); if (r < 0) return r; if (!uid_is_valid(uid) && !gid_is_valid(gid) && flags == 0) { - r = _mkdir(path, mode); + r = _mkdirat(AT_FDCWD, path, mode); if (r < 0 && (r != -EEXIST || is_dir(path, true) <= 0)) return r; } else { - r = mkdir_safe_internal(path, mode, uid, gid, flags, _mkdir); + r = mkdir_safe_internal(path, mode, uid, gid, flags, _mkdirat); if (r < 0 && r != -EEXIST) return r; } 
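Review bot: mkdir_p_internal() calls `_mkdirat(AT_FDCWD, path, mode)` directly, but its assertion only rules out the raw libc function (`assert(_mkdirat != mkdirat);`) and not a NULL pointer. mkdir_safe_internal() in the same patch uses `assert(_mkdirat && _mkdirat != mkdirat);`; using that form here and in mkdir_parents_internal() (previous hunk) would make the three helpers agree.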
@@ -184,11 +180,11 @@ int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t ui } int mkdir_p(const char *path, mode_t mode) { - return mkdir_p_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdir_errno_wrapper); + return mkdir_p_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_errno_wrapper); } int mkdir_p_safe(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) { - return mkdir_p_internal(prefix, path, mode, uid, gid, flags, mkdir_errno_wrapper); + return mkdir_p_internal(prefix, path, mode, uid, gid, flags, mkdirat_errno_wrapper); } int mkdir_p_root(const char *root, const char *p, uid_t uid, gid_t gid, mode_t m) { diff --git a/src/basic/mkdir.h b/src/basic/mkdir.h index 3c53d22db97..837e493c6b2 100644 --- a/src/basic/mkdir.h +++ b/src/basic/mkdir.h @@ -8,7 +8,6 @@ typedef enum MkdirFlags { MKDIR_WARN_MODE = 1 << 1, } MkdirFlags; -int mkdir_errno_wrapper(const char *pathname, mode_t mode); int mkdirat_errno_wrapper(int dirfd, const char *pathname, mode_t mode); int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); int mkdir_parents(const char *path, mode_t mode); 
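Review bot: The rewritten call in mkdir_p() passes `UID_INVALID` for both the `uid` and the `gid` argument of mkdir_p_internal(); the same pattern appears in mkdir_parents() in the previous hunk and in mkdir_parents_label() and mkdir_p_label() in mkdir-label.c. The two constants presumably share a value, so behaviour is unaffected, but `GID_INVALID` in the fifth position says what is meant: `return mkdir_p_internal(NULL, path, mode, UID_INVALID, GID_INVALID, 0, mkdirat_errno_wrapper);`.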
@@ -22,9 +21,9 @@ int mkdir_parents_label(const char *path, mode_t mod); int mkdir_p_label(const char *path, mode_t mode); /* internally used */ -typedef int (*mkdir_func_t)(const char *pathname, mode_t mode); -int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir); -int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir); -int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdir_func_t _mkdir); +typedef int (*mkdirat_func_t)(int dir_fd, const char *pathname, mode_t mode); +int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); +int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); +int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); int mkdir_p_root(const char *root, const char *p, uid_t uid, gid_t gid, mode_t m); diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c index 9e2f8635351..3c332d10074 100644 --- a/src/shared/mkdir-label.c +++ b/src/shared/mkdir-label.c 
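Review bot: The prototypes in mkdir.h now take a `mkdirat_func_t` but still call the parameter `_mkdir`, while the definitions in mkdir.c were renamed to `_mkdirat`. Renaming it in the three declarations keeps header and implementation in step, e.g. `int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdirat);`. A one-line comment on the typedef stating that implementations must return a negative errno-style value rather than -1 would document what the callers in mkdir.c rely on when they test `r != -EEXIST`.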
@@ -30,13 +30,13 @@ int mkdirat_label(int dirfd, const char *path, mode_t mode) { } int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) { - return mkdir_safe_internal(path, mode, uid, gid, flags, mkdir_label); + return mkdir_safe_internal(path, mode, uid, gid, flags, mkdirat_label); } int mkdir_parents_label(const char *path, mode_t mode) { - return mkdir_parents_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdir_label); + return mkdir_parents_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_label); } int mkdir_p_label(const char *path, mode_t mode) { - return mkdir_p_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdir_label); + return mkdir_p_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_label); } From 35cd0ba516fb0e2ee5744b9185f7df903962c726 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Fri, 12 Nov 2021 15:44:50 +0100 Subject: [PATCH 9/9] shared: clean up mkdir.h/label.h situation Previously the mkdir_label() family of calls was implemented in src/shared/mkdir-label.c but its functions were partly declared in src/shared/label.h and partly in src/basic/mkdir.h (!!). That's weird (and wrong). Let's clean this up, and add a proper mkdir-label.h matching the .c file. --- src/basic/mkdir.h | 11 +++-------- src/core/automount.c | 2 +- src/core/core-varlink.c | 2 +- src/core/dbus.c | 2 +- src/core/execute.c | 2 +- src/core/generator-setup.c | 2 +- src/core/main.c | 2 +- src/core/manager.c | 2 +- src/core/mount.c | 2 +- src/core/namespace.c | 2 +- src/core/path.c | 2 +- src/core/socket.c | 2 +- src/core/unit.c | 2 +- src/coredump/coredump.c | 2 +- src/debug-generator/debug-generator.c | 4 ++-- src/getty-generator/getty-generator.c | 4 ++-- .../hibernate-resume-generator.c | 4 ++-- src/import/import-fs.c | 2 +- src/import/import-raw.c | 2 +- src/import/import-tar.c | 2 +- src/import/importd.c | 2 +- src/import/pull-raw.c | 2 +- src/import/pull-tar.c | 2 +- src/locale/keymap-util.c | 2 +- src/login/logind-dbus.c | 2 +- src/login/logind-inhibit.c | 2 +- src/login/logind-seat.c | 2 +- src/login/logind-session.c | 2 +- src/login/logind-user.c | 2 +- src/login/logind.c | 1 + src/login/user-runtime-dir.c | 2 +- src/machine/machine.c | 2 +- src/machine/machined.c | 2 +- src/network/networkd.c | 2 +- src/nspawn/nspawn-mount.c | 2 +- src/rc-local-generator/rc-local-generator.c | 2 +- src/resolve/resolved.c | 2 +- src/shared/ask-password-api.c | 2 +- src/shared/copy.c | 1 + src/shared/dev-setup.c | 1 + src/shared/dissect-image.c | 2 +- src/shared/generator.c | 4 ++-- src/shared/hwdb-util.c | 2 +- src/shared/install.c | 4 ++-- src/shared/label.h | 6 ------ src/shared/meson.build | 1 + src/shared/mkdir-label.c | 9 +-------- src/shared/mkdir-label.h | 17 +++++++++++++++++ src/shared/mount-setup.c | 2 +- src/shared/mount-util.c | 2 +- 
src/shared/socket-label.c | 2 +- src/shared/switch-root.c | 2 +- src/systemctl/systemctl-edit.c | 2 +- src/test/test-udev.c | 2 +- src/timesync/timesyncd.c | 2 +- src/tmpfiles/tmpfiles.c | 2 +- .../tty-ask-password-agent.c | 2 +- src/udev/udev-node.c | 2 +- 58 files changed, 80 insertions(+), 77 deletions(-) create mode 100644 src/shared/mkdir-label.h diff --git a/src/basic/mkdir.h b/src/basic/mkdir.h index 837e493c6b2..34a52275778 100644 --- a/src/basic/mkdir.h +++ b/src/basic/mkdir.h 
@@ -9,21 +9,16 @@ typedef enum MkdirFlags { } MkdirFlags; int mkdirat_errno_wrapper(int dirfd, const char *pathname, mode_t mode); + int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); int mkdir_parents(const char *path, mode_t mode); int mkdir_parents_safe(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); int mkdir_p(const char *path, mode_t mode); int mkdir_p_safe(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); +int mkdir_p_root(const char *root, const char *p, uid_t uid, gid_t gid, mode_t m); -/* mandatory access control(MAC) versions */ -int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); -int mkdir_parents_label(const char *path, mode_t mod); -int mkdir_p_label(const char *path, mode_t mode); - -/* internally used */ +/* The following are used to implement the mkdir_xyz_label() calls, don't use otherwise. */ typedef int (*mkdirat_func_t)(int dir_fd, const char *pathname, mode_t mode); int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags, mkdirat_func_t _mkdir); - -int mkdir_p_root(const char *root, const char *p, uid_t uid, gid_t gid, mode_t m); diff --git a/src/core/automount.c b/src/core/automount.c index 550a350a455..0bb58fdcd15 100644 --- a/src/core/automount.c +++ b/src/core/automount.c @@ -21,7 +21,7 @@ #include "format-util.h" #include "io-util.h" #include "label.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-util.h" #include "mount.h" #include "mountpoint-util.h" diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c index ab0d4553804..8c54cc0663e 100644 
--- a/src/core/core-varlink.c +++ b/src/core/core-varlink.c @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #include "core-varlink.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "strv.h" #include "user-util.h" #include "varlink.h" diff --git a/src/core/dbus.c b/src/core/dbus.c index f876433c00e..2c5bda58f98 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -33,7 +33,7 @@ #include "fd-util.h" #include "fs-util.h" #include "log.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "process-util.h" #include "selinux-access.h" #include "serialize.h" diff --git a/src/core/execute.c b/src/core/execute.c index 6192a2d33eb..ba66b9e6ece 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -71,7 +71,7 @@ #include "memory-util.h" #include "missing_fs.h" #include "missing_ioprio.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-util.h" #include "mountpoint-util.h" #include "namespace.h" diff --git a/src/core/generator-setup.c b/src/core/generator-setup.c index 91739517354..00d6ad61fa0 100644 --- a/src/core/generator-setup.c +++ b/src/core/generator-setup.c @@ -4,7 +4,7 @@ #include "generator-setup.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "rm-rf.h" int lookup_paths_mkdir_generator(LookupPaths *p) { diff --git a/src/core/main.c b/src/core/main.c index 72dd199ddb6..57aedb9b93b 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -60,7 +60,7 @@ #include "manager.h" #include "manager-dump.h" #include "manager-serialize.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-setup.h" #include "os-util.h" #include "pager.h" diff --git a/src/core/manager.c b/src/core/manager.c index b21747daeae..c94f032cc05 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -58,7 +58,7 @@ #include "manager-dump.h" #include "manager-serialize.h" #include "memory-util.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-lookup.h" #include "path-util.h" 
diff --git a/src/core/mount.c b/src/core/mount.c index 4f76b552c22..90b11347f71 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -17,7 +17,7 @@ #include "libmount-util.h" #include "log.h" #include "manager.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-setup.h" #include "mount.h" #include "mountpoint-util.h" diff --git a/src/core/namespace.c b/src/core/namespace.c index c01975b9de2..a84060c6826 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -21,7 +21,7 @@ #include "list.h" #include "loop-util.h" #include "loopback-setup.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-util.h" #include "mountpoint-util.h" #include "namespace-util.h" diff --git a/src/core/path.c b/src/core/path.c index cdab9dcf8c6..999cecc96c6 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -14,7 +14,7 @@ #include "glob-util.h" #include "inotify-util.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path.h" #include "path-util.h" #include "serialize.h" diff --git a/src/core/socket.c b/src/core/socket.c index f265aab5948..e6d168188a1 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -28,7 +28,7 @@ #include "ip-protocol-list.h" #include "label.h" #include "log.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "process-util.h" diff --git a/src/core/unit.c b/src/core/unit.c index 27d75033325..fa21b8acb2f 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -37,7 +37,7 @@ #include "log.h" #include "macro.h" #include "missing_audit.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "process-util.h" #include "rm-rf.h" diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index 62a622a6cab..27b8f7754b6 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c 
@@ -37,7 +37,7 @@ #include "macro.h" #include "main-func.h" #include "memory-util.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "process-util.h" #include "signal-util.h" diff --git a/src/debug-generator/debug-generator.c b/src/debug-generator/debug-generator.c index a8f3422dd48..a724ae510d1 100644 --- a/src/debug-generator/debug-generator.c +++ b/src/debug-generator/debug-generator.c @@ -5,7 +5,7 @@ #include "alloc-util.h" #include "dropin.h" #include "generator.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "proc-cmdline.h" @@ -138,7 +138,7 @@ static int generate_wants_symlinks(void) { if (!f) return log_oom(); - mkdir_parents_label(p, 0755); + (void) mkdir_parents_label(p, 0755); if (symlink(f, p) < 0) r = log_error_errno(errno, diff --git a/src/getty-generator/getty-generator.c b/src/getty-generator/getty-generator.c index aa5a0a6ddb3..b4d4952f999 100644 --- a/src/getty-generator/getty-generator.c +++ b/src/getty-generator/getty-generator.c @@ -10,7 +10,7 @@ #include "fileio.h" #include "generator.h" #include "log.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "process-util.h" #include "strv.h" @@ -31,7 +31,7 @@ static int add_symlink(const char *fservice, const char *tservice) { from = strjoina(SYSTEM_DATA_UNIT_DIR "/", fservice); to = strjoina(arg_dest, "/getty.target.wants/", tservice); - mkdir_parents_label(to, 0755); + (void) mkdir_parents_label(to, 0755); r = symlink(from, to); if (r < 0) { diff --git a/src/hibernate-resume/hibernate-resume-generator.c b/src/hibernate-resume/hibernate-resume-generator.c index 5e986db2b04..ee320909ee9 100644 --- a/src/hibernate-resume/hibernate-resume-generator.c +++ b/src/hibernate-resume/hibernate-resume-generator.c 
@@ -10,7 +10,7 @@ #include "generator.h" #include "log.h" #include "main-func.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "proc-cmdline.h" #include "special.h" #include "string-util.h" @@ -84,7 +84,7 @@ static int process_resume(void) { if (!lnk) return log_oom(); - mkdir_parents_label(lnk, 0755); + (void) mkdir_parents_label(lnk, 0755); if (symlink(SYSTEM_DATA_UNIT_DIR "/systemd-hibernate-resume@.service", lnk) < 0) return log_error_errno(errno, "Failed to create symlink %s: %m", lnk); diff --git a/src/import/import-fs.c b/src/import/import-fs.c index cacd48fe96e..ff7f51a60a9 100644 --- a/src/import/import-fs.c +++ b/src/import/import-fs.c @@ -14,7 +14,7 @@ #include "import-util.h" #include "install-file.h" #include "main-func.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-argument.h" #include "ratelimit.h" #include "rm-rf.h" diff --git a/src/import/import-raw.c b/src/import/import-raw.c index 153b74d123f..a0208e505cf 100644 --- a/src/import/import-raw.c +++ b/src/import/import-raw.c @@ -18,7 +18,7 @@ #include "install-file.h" #include "io-util.h" #include "machine-pool.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "qcow2-util.h" #include "ratelimit.h" diff --git a/src/import/import-tar.c b/src/import/import-tar.c index 8cbdbaa35f2..f31d3d75a1f 100644 --- a/src/import/import-tar.c +++ b/src/import/import-tar.c @@ -18,7 +18,7 @@ #include "install-file.h" #include "io-util.h" #include "machine-pool.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "process-util.h" #include "qcow2-util.h" diff --git a/src/import/importd.c b/src/import/importd.c index 0400d41b147..66771f63e23 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -19,7 +19,7 @@ #include "machine-pool.h" #include "main-func.h" #include "missing_capability.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "percent-util.h" 
diff --git a/src/import/pull-raw.c b/src/import/pull-raw.c index 6a0c2c8b177..0623afcc84b 100644 --- a/src/import/pull-raw.c +++ b/src/import/pull-raw.c @@ -17,7 +17,7 @@ #include "import-util.h" #include "install-file.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "pull-common.h" #include "pull-job.h" diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c index 9608129e5e2..fd866fc514e 100644 --- a/src/import/pull-tar.c +++ b/src/import/pull-tar.c @@ -16,7 +16,7 @@ #include "import-util.h" #include "install-file.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "process-util.h" #include "pull-common.h" diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c index 1bd8f5c0ae6..10d2ed7aece 100644 --- a/src/locale/keymap-util.c +++ b/src/locale/keymap-util.c @@ -18,7 +18,7 @@ #include "keymap-util.h" #include "locale-util.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "nulstr-util.h" #include "process-util.h" #include "string-util.h" diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 6e9dde1c155..331dcd2a05d 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -36,7 +36,7 @@ #include "logind-user-dbus.h" #include "logind.h" #include "missing_capability.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "process-util.h" diff --git a/src/login/logind-inhibit.c b/src/login/logind-inhibit.c index 1de71c24812..dbb58e4ac3e 100644 --- a/src/login/logind-inhibit.c +++ b/src/login/logind-inhibit.c @@ -17,7 +17,7 @@ #include "io-util.h" #include "logind-dbus.h" #include "logind-inhibit.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "string-table.h" diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c index 2d546817457..58912b85b35 100644 --- a/src/login/logind-seat.c 
+++ b/src/login/logind-seat.c @@ -16,7 +16,7 @@ #include "logind-seat-dbus.h" #include "logind-seat.h" #include "logind-session-dbus.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "stdio-util.h" diff --git a/src/login/logind-session.c b/src/login/logind-session.c index d6d67af05a5..ab98a5055df 100644 --- a/src/login/logind-session.c +++ b/src/login/logind-session.c @@ -26,7 +26,7 @@ #include "logind-session-dbus.h" #include "logind-session.h" #include "logind-user-dbus.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "process-util.h" diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 5266f557752..6d250be321a 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -21,7 +21,7 @@ #include "logind-dbus.h" #include "logind-user-dbus.h" #include "logind-user.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "percent-util.h" diff --git a/src/login/logind.c b/src/login/logind.c index 6e1ebbf9c57..57a8604b7f7 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -27,6 +27,7 @@ #include "logind-user-dbus.h" #include "logind.h" #include "main-func.h" +#include "mkdir-label.h" #include "parse-util.h" #include "process-util.h" #include "selinux-util.h" diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c index a1087ed31c9..5ce5b35e178 100644 --- a/src/login/user-runtime-dir.c +++ b/src/login/user-runtime-dir.c @@ -12,7 +12,7 @@ #include "label.h" #include "limits-util.h" #include "main-func.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-util.h" #include "mountpoint-util.h" #include "path-util.h" diff --git a/src/machine/machine.c b/src/machine/machine.c index a42478e8748..80f73da94a8 100644 --- a/src/machine/machine.c +++ b/src/machine/machine.c 
@@ -19,7 +19,7 @@ #include "hashmap.h" #include "machine-dbus.h" #include "machine.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" #include "process-util.h" diff --git a/src/machine/machined.c b/src/machine/machined.c index 4ab459d3caf..6ffa4191ec0 100644 --- a/src/machine/machined.c +++ b/src/machine/machined.c @@ -18,10 +18,10 @@ #include "fd-util.h" #include "format-util.h" #include "hostname-util.h" -#include "label.h" #include "machined-varlink.h" #include "machined.h" #include "main-func.h" +#include "mkdir-label.h" #include "process-util.h" #include "service-util.h" #include "signal-util.h" diff --git a/src/network/networkd.c b/src/network/networkd.c index d2748852641..7d63786f484 100644 --- a/src/network/networkd.c +++ b/src/network/networkd.c @@ -11,7 +11,7 @@ #include "daemon-util.h" #include "firewall-util.h" #include "main-func.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "networkd-conf.h" #include "networkd-manager.h" #include "signal-util.h" diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c index 2bfff79cde5..40773d90c13 100644 --- a/src/nspawn/nspawn-mount.c +++ b/src/nspawn/nspawn-mount.c @@ -10,7 +10,7 @@ #include "format-util.h" #include "fs-util.h" #include "label.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "mount-util.h" #include "mountpoint-util.h" #include "nspawn-mount.h" diff --git a/src/rc-local-generator/rc-local-generator.c b/src/rc-local-generator/rc-local-generator.c index 99cffee3ec3..c2b9e642172 100644 --- a/src/rc-local-generator/rc-local-generator.c +++ b/src/rc-local-generator/rc-local-generator.c @@ -6,7 +6,7 @@ #include "generator.h" #include "log.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "string-util.h" #include "util.h" diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index 85ab917c4fa..d3bc9027522 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c 
@@ -11,7 +11,7 @@
 #include "capability-util.h"
 #include "daemon-util.h"
 #include "main-func.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "resolved-bus.h"
 #include "resolved-conf.h"
 #include "resolved-manager.h"
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 367c1df240f..07e301276f7 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -33,7 +33,7 @@
 #include "macro.h"
 #include "memory-util.h"
 #include "missing_syscall.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "process-util.h"
 #include "random-util.h"
 #include "signal-util.h"
diff --git a/src/shared/copy.c b/src/shared/copy.c
index 51dd08eccd1..fd83d74265e 100644
--- a/src/shared/copy.c
+++ b/src/shared/copy.c
@@ -20,6 +20,7 @@
 #include "io-util.h"
 #include "macro.h"
 #include "missing_syscall.h"
+#include "mkdir-label.h"
 #include "mountpoint-util.h"
 #include "nulstr-util.h"
 #include "rm-rf.h"
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c
index 0390abbfdc3..a3405245103 100644
--- a/src/shared/dev-setup.c
+++ b/src/shared/dev-setup.c
@@ -8,6 +8,7 @@
 #include "dev-setup.h"
 #include "label.h"
 #include "log.h"
+#include "mkdir-label.h"
 #include "nulstr-util.h"
 #include "path-util.h"
 #include "umask-util.h"
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 6b2289defa1..18c79915709 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -46,7 +46,7 @@
 #include "hostname-setup.h"
 #include "id128-util.h"
 #include "import-util.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
 #include "namespace-util.h"
diff --git a/src/shared/generator.c b/src/shared/generator.c
index 3967edfa065..014b34747db 100644
--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@@ -13,7 +13,7 @@ #include "generator.h" #include "log.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-util.h" #include "special.h" #include "specifier.h" @@ -63,7 +63,7 @@ int generator_add_symlink(const char *dir, const char *dst, const char *dep_type from = path_is_absolute(src) ? src : strjoina("../", src); to = strjoina(dir, "/", dst, ".", dep_type, "/", basename(src)); - mkdir_parents_label(to, 0755); + (void) mkdir_parents_label(to, 0755); if (symlink(from, to) < 0) if (errno != EEXIST) return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to); diff --git a/src/shared/hwdb-util.c b/src/shared/hwdb-util.c index d7626aed956..a7929bccb09 100644 --- a/src/shared/hwdb-util.c +++ b/src/shared/hwdb-util.c @@ -12,7 +12,7 @@ #include "hwdb-internal.h" #include "hwdb-util.h" #include "label.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "nulstr-util.h" #include "path-util.h" #include "sort-util.h" diff --git a/src/shared/install.c b/src/shared/install.c index 268cbd96026..6e77a72bde5 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -26,7 +26,7 @@ #include "locale-util.h" #include "log.h" #include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "path-lookup.h" #include "path-util.h" #include "rm-rf.h" @@ -461,7 +461,7 @@ static int create_symlink( * the right place, or negative on error. */ - mkdir_parents_label(new_path, 0755); + (void) mkdir_parents_label(new_path, 0755); if (symlink(old_path, new_path) >= 0) { unit_file_changes_add(changes, n_changes, UNIT_FILE_SYMLINK, new_path, old_path); diff --git a/src/shared/label.h b/src/shared/label.h index b198e140d04..ec5160284dd 100644 --- a/src/shared/label.h +++ b/src/shared/label.h 
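Review bot: The `(void)` cast on `mkdir_parents_label(to, 0755)` in generator_add_symlink() discards the error without leaving any trace of it, and the create_symlink() hunk in src/shared/install.c does the same with `new_path`. If creating the parent directories fails, the only diagnostic is the errno of the following `symlink()` call, which no longer says why the directory is missing. Keeping the best-effort behaviour but logging it would help, e.g. `r = mkdir_parents_label(to, 0755); if (r < 0) log_debug_errno(r, "Failed to create parent directories of \"%s\", ignoring: %m", to);`. This assumes an `int r` is in scope; both function bodies start and end outside the hunks, so that needs checking.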
@@ -15,12 +15,6 @@ static inline int label_fix(const char *path, LabelFixFlags flags) { return label_fix_container(path, path, flags); } -int mkdirat_label(int dirfd, const char *path, mode_t mode); - -static inline int mkdir_label(const char *path, mode_t mode) { - return mkdirat_label(AT_FDCWD, path, mode); -} - int symlink_label(const char *old_path, const char *new_path); int symlink_atomic_label(const char *from, const char *to); int mknod_label(const char *pathname, mode_t mode, dev_t dev); diff --git a/src/shared/meson.build b/src/shared/meson.build index 1fd1d711b01..00485e65434 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -209,6 +209,7 @@ shared_sources = files(''' macvlan-util.h main-func.h mkdir-label.c + mkdir-label.h mkfs-util.c mkfs-util.h module-util.h diff --git a/src/shared/mkdir-label.c b/src/shared/mkdir-label.c index 3c332d10074..d36a6466d77 100644 --- a/src/shared/mkdir-label.c +++ b/src/shared/mkdir-label.c @@ -1,13 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ -#include -#include -#include -#include - -#include "label.h" -#include "macro.h" -#include "mkdir.h" +#include "mkdir-label.h" #include "selinux-util.h" #include "smack-util.h" #include "user-util.h" diff --git a/src/shared/mkdir-label.h b/src/shared/mkdir-label.h new file mode 100644 index 00000000000..0b1a3894bd5 --- /dev/null +++ b/src/shared/mkdir-label.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#include +#include + +#include "mkdir.h" + +int mkdirat_label(int dirfd, const char *path, mode_t mode); + +static inline int mkdir_label(const char *path, mode_t mode) { + return mkdirat_label(AT_FDCWD, path, mode); +} + +int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags); +int mkdir_parents_label(const char *path, mode_t mod); +int mkdir_p_label(const char *path, mode_t mode); 
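Review bot: In the new src/shared/mkdir-label.h the prototype `int mkdir_parents_label(const char *path, mode_t mod);` names its second parameter `mod`, while the sibling prototypes use `mode`; it should read `int mkdir_parents_label(const char *path, mode_t mode);`. The header also does not say what the `_label` variants add over the plain mkdir.h functions. A one-line comment above the prototypes would help, presumably something like `/* Like the mkdir.h calls, but also apply the MAC (SELinux/SMACK) label to the created directory */`. The implementation in mkdir-label.c is not part of this hunk, so the wording should be confirmed against it.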
diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
index da6bf274263..79179684975 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -20,7 +20,7 @@
 #include "label.h"
 #include "log.h"
 #include "macro.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-setup.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
index fcc900bdce6..8d4a6cd25a3 100644
--- a/src/shared/mount-util.c
+++ b/src/shared/mount-util.c
@@ -22,7 +22,7 @@
 #include "libmount-util.h"
 #include "missing_mount.h"
 #include "missing_syscall.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
 #include "namespace-util.h"
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index 1669dec50e3..8094ad76434 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -14,7 +14,7 @@
 #include "log.h"
 #include "macro.h"
 #include "missing_socket.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "selinux-util.h"
 #include "socket-util.h"
 #include "umask-util.h"
diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c
index 7edb9d7ff27..99cd5741973 100644
--- a/src/shared/switch-root.c
+++ b/src/shared/switch-root.c
@@ -13,7 +13,7 @@
 #include "fd-util.h"
 #include "log.h"
 #include "missing_syscall.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
 #include "path-util.h"
diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c
index 2503bddb96c..b59a67ac22f 100644
--- a/src/systemctl/systemctl-edit.c
+++ b/src/systemctl/systemctl-edit.c
@@ -5,7 +5,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "pager.h"
 #include "path-util.h"
 #include "pretty-print.h"
diff --git a/src/test/test-udev.c b/src/test/test-udev.c
index 1a113a94c3c..c0e779a813b 100644
--- a/src/test/test-udev.c
+++ b/src/test/test-udev.c
@@ -15,7 +15,7 @@
 #include "fs-util.h"
 #include "log.h"
 #include "main-func.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-util.h"
 #include "namespace-util.h"
 #include "selinux-util.h"
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index 94e99b42de0..6f316746f58 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -12,7 +12,7 @@
 #include "fd-util.h"
 #include "fs-util.h"
 #include "main-func.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "network-util.h"
 #include "process-util.h"
 #include "signal-util.h"
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d6206ffd6af..4f1ce1f73fc 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -42,7 +42,7 @@
 #include "main-func.h"
 #include "missing_stat.h"
 #include "missing_syscall.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
 #include "offline-passwd.h"
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index 37cfd8bb72c..56110ba3755 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -30,7 +30,7 @@
 #include "macro.h"
 #include "main-func.h"
 #include "memory-util.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "path-util.h"
 #include "pretty-print.h"
 #include "process-util.h"
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index 809db14e607..760c3a4448c 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -17,7 +17,7 @@
 #include "format-util.h"
 #include "fs-util.h"
 #include "hexdecoct.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "random-util.h"