Re: [systemd-devel] [PATCH] Make it possible to disable smack separately from xattr support

2013-05-17 Thread Kok, Auke-jan H 
On Thu, May 16, 2013 at 1:40 AM, Karol Lewandowski
k.lewando...@samsung.com wrote:
 Additionally, compile out rule loading if feature is disabled.
 ---
  configure.ac   |   26 ++
  src/core/smack-setup.c |   10 ++
  src/core/socket.c  |4 ++--
  3 files changed, 38 insertions(+), 2 deletions(-)


Thanks, applied!

Auke
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] Make it possible to disable smack separately from xattr support

2013-05-16 Thread Karol Lewandowski 
Additionally, compile out rule loading if feature is disabled.
---
 configure.ac   |   26 ++
 src/core/smack-setup.c |   10 ++
 src/core/socket.c  |4 ++--
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 65186a4..14a90c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -445,6 +445,31 @@ AC_SUBST(XATTR_LIBS)
 AM_CONDITIONAL([HAVE_XATTR], [test x$have_xattr != xno])
 
 # 
--
+AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[Disable optional 
SMACK support]),
+[case ${enableval} in
+yes) have_smack=yes ;;
+no) have_smack=no ;;
+*) AC_MSG_ERROR(bad value ${enableval} for 
--disable-smack) ;;
+esac],
+[have_smack=auto])
+
+if test x${have_xattr} = xno; then
+if test x${have_smack} = xyes; then
+AC_MSG_ERROR(SMACK requires xattr support)
+else
+have_smack=no
+fi
+else
+if test x${have_smack} = xauto; then
+have_smack=yes
+fi
+fi
+
+if test x${have_smack} = xyes ; then
+AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
+fi
+
+# 
--
 AC_ARG_ENABLE([gcrypt],
 AS_HELP_STRING([--disable-gcrypt],[Disable optional GCRYPT support]),
 [case ${enableval} in
@@ -915,6 +940,7 @@ AC_MSG_RESULT([
 AUDIT:   ${have_audit}
 IMA: ${have_ima}
 SELinux: ${have_selinux}
+SMACK:   ${have_smack}
 XZ:  ${have_xz}
 ACL: ${have_acl}
 XATTR:   ${have_xattr}
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 73eeb04..d67a84a 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -42,6 +42,8 @@
 #define SMACK_CONFIG /etc/smack/accesses.d/
 #define CIPSO_CONFIG /etc/smack/cipso/
 
+#ifdef HAVE_SMACK
+
 static int write_rules(const char* dstpath, const char* srcdir) {
 _cleanup_fclose_ FILE *dst = NULL;
 _cleanup_closedir_ DIR *dir = NULL;
@@ -111,8 +113,12 @@ static int write_rules(const char* dstpath, const char* 
srcdir) {
return r;
 }
 
+#endif
 
 int smack_setup(void) {
+
+#ifdef HAVE_SMACK
+
 int r;
 
 r = write_rules(/sys/fs/smackfs/load2, SMACK_CONFIG);
@@ -148,4 +154,8 @@ int smack_setup(void) {
 strerror(abs(r)));
 return 0;
 }
+
+#endif
+
+return 0;
 }
diff --git a/src/core/socket.c b/src/core/socket.c
index 1b08f0a..37ca228 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -788,7 +788,7 @@ static void socket_apply_socket_options(Socket *s, int fd) {
 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s-tcp_congestion, 
strlen(s-tcp_congestion)+1)  0)
 log_warning_unit(UNIT(s)-id, TCP_CONGESTION failed: 
%m);
 
-#ifdef HAVE_XATTR
+#ifdef HAVE_SMACK
 if (s-smack_ip_in)
 if (fsetxattr(fd, security.SMACK64IPIN, s-smack_ip_in, 
strlen(s-smack_ip_in), 0)  0)
 log_error_unit(UNIT(s)-id,
@@ -810,7 +810,7 @@ static void socket_apply_fifo_options(Socket *s, int fd) {
 log_warning_unit(UNIT(s)-id,
  F_SETPIPE_SZ: %m);
 
-#ifdef HAVE_XATTR
+#ifdef HAVE_SMACK
 if (s-smack)
 if (fsetxattr(fd, security.SMACK64, s-smack, 
strlen(s-smack), 0)  0)
 log_error_unit(UNIT(s)-id,
-- 
1.7.10.4

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel