[systemd-devel] [PATCH 1/2] label: move selinux label APIs to its util file
And add prefix selinux_ to each APIs like smack. --- src/core/main.c | 4 +- src/core/namespace.c | 4 +- src/core/selinux-setup.c | 4 +- src/core/socket.c | 12 +- src/hostname/hostnamed.c | 2 +- src/locale/localed.c | 2 +- src/login/logind-dbus.c | 2 +- src/shared/dev-setup.c| 4 +- src/shared/fileio-label.c | 12 +- src/shared/label.c| 419 +- src/shared/label.h| 24 +-- src/shared/selinux-util.c | 365 +++- src/shared/selinux-util.h | 14 ++ src/shared/smack-util.c | 45 - src/shared/smack-util.h | 1 + src/shared/socket-label.c | 6 +- src/sysusers/sysusers.c | 2 +- src/test/test-udev.c | 4 +- src/timedate/timedated.c | 2 +- src/tmpfiles/tmpfiles.c | 32 ++-- src/udev/udev-node.c | 10 +- src/udev/udevadm.c| 4 +- src/udev/udevd.c | 4 +- src/update-done/update-done.c | 6 +- 24 files changed, 483 insertions(+), 501 deletions(-) diff --git a/src/core/main.c b/src/core/main.c index 792b316..6f4a9da 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1301,7 +1301,7 @@ int main(int argc, char *argv[]) { dual_timestamp_get(security_finish_timestamp); } -if (label_init(NULL) 0) +if (selinux_label_init(NULL) 0) goto finish; if (!skip_setup) { @@ -1816,7 +1816,7 @@ finish: set_free(arg_syscall_archs); arg_syscall_archs = NULL; -label_finish(); +selinux_label_finish(); if (reexecute) { const char **args; diff --git a/src/core/namespace.c b/src/core/namespace.c index fe95377..d1e7cb6 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -224,9 +224,9 @@ static int mount_dev(BindMount *m) { goto fail; } -label_context_set(d, st.st_mode); +selinux_label_context_set(d, st.st_mode); r = mknod(dn, st.st_mode, st.st_rdev); -label_context_clear(); +selinux_label_context_clear(); if (r 0) { r = -errno; diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c index b419a27..2cd7e4c 100644 --- a/src/core/selinux-setup.c +++ b/src/core/selinux-setup.c 
@@ -87,7 +87,7 @@ int selinux_setup(bool *loaded_policy) { retest_selinux(); /* Transition to the new context */ -r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, label); +r = selinux_label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, label); if (r 0 || label == NULL) { log_open(); log_error(Failed to compute init label, ignoring.); @@ -98,7 +98,7 @@ int selinux_setup(bool *loaded_policy) { if (r 0) log_error(Failed to transition into init label '%s', ignoring., label); -label_free(label); +selinux_label_free(label); } after_load = now(CLOCK_MONOTONIC); diff --git a/src/core/socket.c b/src/core/socket.c index a16b20d..5c217cb 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -958,7 +958,7 @@ static int fifo_address_create( mkdir_parents_label(path, directory_mode); -r = label_context_set(path, S_IFIFO); +r = selinux_label_context_set(path, S_IFIFO); if (r 0) goto fail; @@ -981,7 +981,7 @@ static int fifo_address_create( goto fail; } -label_context_clear(); +selinux_label_context_clear(); if (fstat(fd, st) 0) { r = -errno; @@ -1001,7 +1001,7 @@ static int fifo_address_create( return 0; fail: -label_context_clear(); +selinux_label_context_clear(); safe_close(fd); return r; @@ -1139,7 +1139,7 @@ static int socket_open_fds(Socket *s) { if (UNIT_ISSET(s-service) SERVICE(UNIT_DEREF(s-service))-exec_command[SERVICE_EXEC_START]) { -r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s-service))-exec_command[SERVICE_EXEC_START]-path, label); +r = selinux_label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s-service))-exec_command[SERVICE_EXEC_START]-path, label); if (r 0 r != -EPERM) return r; } @@ -1200,12 +1200,12 @@ static int socket_open_fds(Socket *s) {
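Review bot: the diffstat shows a bulk code move (src/shared/label.c with 419 changed lines, src/shared/selinux-util.c with 365) combined with a rename that touches call sites in 24 files, which makes it hard to verify that the moved function bodies are unchanged. Consider splitting this into one patch that only moves the code and a second that only renames the symbols. The 45 changed lines in src/shared/smack-util.c are also not mentioned in the subject or the commit message and deserve a sentence there.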
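Review bot: in src/core/main.c the failure branch of selinux_label_init(NULL) jumps to finish:, and the second hunk shows selinux_label_finish() being called unconditionally on that path, so the moved implementation has to stay safe to call after a failed or partial init. Since the function now lives in selinux-util.c next to other helpers, a short comment on its declaration in selinux-util.h stating that it may be called without a successful selinux_label_init() would keep that contract from being broken later.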
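Review bot: in mount_dev() in src/core/namespace.c the return value of selinux_label_context_set(d, st.st_mode) is discarded before mknod(), while fifo_address_create() in src/core/socket.c assigns the same call to r and goes to fail on error. As every call site is being touched for the rename anyway, either check the result here as well, or mark the call with a (void) cast and a comment saying that creating the node without the intended context is acceptable.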
Re: [systemd-devel] [PATCH 1/2] label: move selinux label APIs to its util file
On Mon, 18.08.14 15:06, WaLyong Cho (walyong@samsung.com) wrote:

> And add prefix selinux_ to each APIs like smack.

I am a bit concerned about this, as selinux_ is really the prefix the selinux libraries use for most of their newer symbols. And they have a lot of symbols that actually are named very similar to ours (given that ours are just wrappers for them anyway to just make their APIs more digestible...).

libselinux is quite chaotic, they also use the selabel_ prefix sometimes, and sometimes no prefix at all. Other times they use the security_ prefix. Seems they really didn't understand the concept of namespacing in C...

Anyway, maybe we can find a different prefix to use. selnx_ or so? Not pretty, but at least distinct? sel_? se_linux_? util_selinux? Or maybe we just call our internal selinux APIs label_selinux_xyz, and our smack APIs label_smack_xyz? Or maybe mac_selinux_xyz and mac_smack_xyz? I think the latter sounds most appropriate to me right now, as it is still somewhat short, and sufficiently distinctive. I'd probably go for that.

Any other suggestions?

Lennart

--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 1/2] label: move selinux label APIs to its util file
On 08/18/2014 10:09 PM, Lennart Poettering wrote:

> On Mon, 18.08.14 15:06, WaLyong Cho (walyong@samsung.com) wrote:
>
> > And add prefix selinux_ to each APIs like smack.
>
> I am a bit concerned about this, as selinux_ is really the prefix the selinux libraries use for most of their newer symbols. And they have a lot of symbols that actually are named very similar to ours (given that ours are just wrappers for them anyway to just make their APIs more digestible...).
>
> libselinux is quite chaotic, they also use the selabel_ prefix sometimes, and sometimes no prefix at all. Other times they use the security_ prefix. Seems they really didn't understand the concept of namespacing in C...
>
> Anyway, maybe we can find a different prefix to use. selnx_ or so? Not pretty, but at least distinct? sel_? se_linux_? util_selinux? Or maybe we just call our internal selinux APIs label_selinux_xyz, and our smack APIs label_smack_xyz? Or maybe mac_selinux_xyz and mac_smack_xyz? I think the latter sounds most appropriate to me right now, as it is still somewhat short, and sufficiently distinctive. I'd probably go for that.
>
> Any other suggestions?

Both sound good. How should we handle the filenames? label-selinux.{c/h} and label-smack.{c/h}? Or mac.{c/h}, mac-selinux.{c/h} and mac-smack.{c/h}?

And do we also consider selinux-{access/setup}.{c/h} and smack-setup.{c/h}?

> Lennart
Re: [systemd-devel] [PATCH 1/2] label: move selinux label APIs to its util file
On Mon, 18.08.14 22:40, WaLyong Cho (walyong@samsung.com) wrote:

> On 08/18/2014 10:09 PM, Lennart Poettering wrote:
>
> > On Mon, 18.08.14 15:06, WaLyong Cho (walyong@samsung.com) wrote:
> >
> > > And add prefix selinux_ to each APIs like smack.
> >
> > I am a bit concerned about this, as selinux_ is really the prefix the selinux libraries use for most of their newer symbols. And they have a lot of symbols that actually are named very similar to ours (given that ours are just wrappers for them anyway to just make their APIs more digestible...).
> >
> > libselinux is quite chaotic, they also use the selabel_ prefix sometimes, and sometimes no prefix at all. Other times they use the security_ prefix. Seems they really didn't understand the concept of namespacing in C...
> >
> > Anyway, maybe we can find a different prefix to use. selnx_ or so? Not pretty, but at least distinct? sel_? se_linux_? util_selinux? Or maybe we just call our internal selinux APIs label_selinux_xyz, and our smack APIs label_smack_xyz? Or maybe mac_selinux_xyz and mac_smack_xyz? I think the latter sounds most appropriate to me right now, as it is still somewhat short, and sufficiently distinctive. I'd probably go for that.
> >
> > Any other suggestions?
>
> Both sound good. How should we handle the filenames? label-selinux.{c/h} and label-smack.{c/h}? Or mac.{c/h}, mac-selinux.{c/h} and mac-smack.{c/h}?

Maybe selinux-label.c/h, smack-label.c/h and so on? That way it would fit relatively nicely with selinux-access.c/h, selinux-setup.c/h, and so on..

Lennart

--
Lennart Poettering, Red Hat