Applied. Thanks! Tom
On Sat, Apr 26, 2014 at 12:26 AM, Will Woods <wwo...@redhat.com> wrote:
> 7-space indentation is just too weird to leave alone.
> Make it 8 spaces, as per CODING_STYLE. No other changes.
> ---
> src/core/ima-setup.c | 110 +++++++++++++++++-----------------
> src/core/selinux-setup.c | 152
> +++++++++++++++++++++++------------------------
> 2 files changed, 131 insertions(+), 131 deletions(-)
>
> diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
> index ed65096..7bffd8d 100644
> --- a/src/core/ima-setup.c
> +++ b/src/core/ima-setup.c
> @@ -44,63 +44,63 @@ > int ima_setup(void) { > > #ifdef HAVE_IMA > - struct stat st; > - ssize_t policy_size = 0, written = 0; > - char *policy; > - _cleanup_close_ int policyfd = -1, imafd = -1; > - int result = 0; > - > - if (stat(IMA_POLICY_PATH, &st) < 0) > - return 0; > - > - policy_size = st.st_size; > - if (stat(IMA_SECFS_DIR, &st) < 0) { > - log_debug("IMA support is disabled in the kernel, ignoring."); > - return 0; > - } > - > - if (stat(IMA_SECFS_POLICY, &st) < 0) { > - log_error("Another IMA custom policy has already been loaded, > " > - "ignoring."); > - return 0; > - } > - > - policyfd = open(IMA_POLICY_PATH, O_RDONLY|O_CLOEXEC); > - if (policyfd < 0) { > - log_error("Failed to open the IMA custom policy file %s (%m), > " > - "ignoring.", IMA_POLICY_PATH); > - return 0; > - } > - > - imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC); > - if (imafd < 0) { > - log_error("Failed to open the IMA kernel interface %s (%m), " > - "ignoring.", IMA_SECFS_POLICY); > - goto out; > - } > - > - policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, 0); > - if (policy == MAP_FAILED) { > - log_error("mmap() failed (%m), freezing"); > - result = -errno; > - goto out; > - } > - > - written = loop_write(imafd, policy, (size_t)policy_size, false); > - if (written != policy_size) { > - log_error("Failed to load the IMA custom policy file %s (%m), > " > - "ignoring.", IMA_POLICY_PATH); > - goto out_mmap; > - } > - > - log_info("Successfully loaded the IMA custom policy %s.", > - IMA_POLICY_PATH); > + struct stat st; > + ssize_t policy_size = 0, written = 0; > + char *policy; > + _cleanup_close_ int policyfd = -1, imafd = -1; > + int result = 0; > + > + if (stat(IMA_POLICY_PATH, &st) < 0) > + return 0; > + > + policy_size = st.st_size; > + if (stat(IMA_SECFS_DIR, &st) < 0) { > + log_debug("IMA support is disabled in the kernel, > ignoring."); > + return 0; > + } > + > + if (stat(IMA_SECFS_POLICY, &st) < 0) { > + log_error("Another IMA custom policy has 
already been > loaded, " > + "ignoring."); > + return 0; > + } > + > + policyfd = open(IMA_POLICY_PATH, O_RDONLY|O_CLOEXEC); > + if (policyfd < 0) { > + log_error("Failed to open the IMA custom policy file %s > (%m), " > + "ignoring.", IMA_POLICY_PATH); > + return 0; > + } > + > + imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC); > + if (imafd < 0) { > + log_error("Failed to open the IMA kernel interface %s (%m), " > + "ignoring.", IMA_SECFS_POLICY); > + goto out; > + } > + > + policy = mmap(NULL, policy_size, PROT_READ, MAP_PRIVATE, policyfd, > 0); > + if (policy == MAP_FAILED) { > + log_error("mmap() failed (%m), freezing"); > + result = -errno; > + goto out; > + } > + > + written = loop_write(imafd, policy, (size_t)policy_size, false); > + if (written != policy_size) { > + log_error("Failed to load the IMA custom policy file %s > (%m), " > + "ignoring.", IMA_POLICY_PATH); > + goto out_mmap; > + } > + > + log_info("Successfully loaded the IMA custom policy %s.", > + IMA_POLICY_PATH); > out_mmap: > - munmap(policy, policy_size); > + munmap(policy, policy_size); > out: > - if (result) > - return result; > + if (result) > + return result; > #endif /* HAVE_IMA */ > > - return 0; > + return 0; > } > diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c > index 9a5d6b2..6d8bc89 100644 > --- a/src/core/selinux-setup.c > +++ b/src/core/selinux-setup.c 
> @@ -46,82 +46,82 @@ static int null_log(int type, const char *fmt, ...) { > int selinux_setup(bool *loaded_policy) { > > #ifdef HAVE_SELINUX > - int enforce = 0; > - usec_t before_load, after_load; > - security_context_t con; > - int r; > - union selinux_callback cb; > - > - assert(loaded_policy); > - > - /* Turn off all of SELinux' own logging, we want to do that */ > - cb.func_log = null_log; > - selinux_set_callback(SELINUX_CB_LOG, cb); > - > - /* Don't load policy in the initrd if we don't appear to have > - * it. For the real root, we check below if we've already > - * loaded policy, and return gracefully. > - */ > - if (in_initrd() && access(selinux_path(), F_OK) < 0) > - return 0; > - > - /* Already initialized by somebody else? */ > - r = getcon_raw(&con); > - if (r == 0) { > - bool initialized; > - > - initialized = !streq(con, "kernel"); > - freecon(con); > - > - if (initialized) > - return 0; > - } > - > - /* Make sure we have no fds open while loading the policy and > - * transitioning */ > - log_close(); > - > - /* Now load the policy */ > - before_load = now(CLOCK_MONOTONIC); > - r = selinux_init_load_policy(&enforce); > - if (r == 0) { > - char timespan[FORMAT_TIMESPAN_MAX]; > - char *label; > - > - retest_selinux(); > - > - /* Transition to the new context */ > - r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, > &label); > - if (r < 0 || label == NULL) { > - log_open(); > - log_error("Failed to compute init label, ignoring."); > - } else { > - r = setcon(label); > - > - log_open(); > - if (r < 0) > - log_error("Failed to transition into init > label '%s', ignoring.", label); > - > - label_free(label); > - } > - > - after_load = now(CLOCK_MONOTONIC); > - > - log_info("Successfully loaded SELinux policy in %s.", > - format_timespan(timespan, sizeof(timespan), > after_load - before_load, 0)); > - > - *loaded_policy = true; > - > - } else { > - log_open(); > - > - if (enforce > 0) { > - log_error("Failed to load SELinux policy. 
Freezing."); > - return -EIO; > - } else > - log_debug("Unable to load SELinux policy. Ignoring."); > - } > + int enforce = 0; > + usec_t before_load, after_load; > + security_context_t con; > + int r; > + union selinux_callback cb; > + > + assert(loaded_policy); > + > + /* Turn off all of SELinux' own logging, we want to do that */ > + cb.func_log = null_log; > + selinux_set_callback(SELINUX_CB_LOG, cb); > + > + /* Don't load policy in the initrd if we don't appear to have > + * it. For the real root, we check below if we've already > + * loaded policy, and return gracefully. > + */ > + if (in_initrd() && access(selinux_path(), F_OK) < 0) > + return 0; > + > + /* Already initialized by somebody else? */ > + r = getcon_raw(&con); > + if (r == 0) { > + bool initialized; > + > + initialized = !streq(con, "kernel"); > + freecon(con); > + > + if (initialized) > + return 0; > + } > + > + /* Make sure we have no fds open while loading the policy and > + * transitioning */ > + log_close(); > + > + /* Now load the policy */ > + before_load = now(CLOCK_MONOTONIC); > + r = selinux_init_load_policy(&enforce); > + if (r == 0) { > + char timespan[FORMAT_TIMESPAN_MAX]; > + char *label; > + > + retest_selinux(); > + > + /* Transition to the new context */ > + r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, > &label); > + if (r < 0 || label == NULL) { > + log_open(); > + log_error("Failed to compute init label, ignoring."); > + } else { > + r = setcon(label); > + > + log_open(); > + if (r < 0) > + log_error("Failed to transition into init > label '%s', ignoring.", label); > + > + label_free(label); > + } > + > + after_load = now(CLOCK_MONOTONIC); > + > + log_info("Successfully loaded SELinux policy in %s.", > + format_timespan(timespan, sizeof(timespan), > after_load - before_load, 0)); > + > + *loaded_policy = true; > + > + } else { > + log_open(); > + > + if (enforce > 0) { > + log_error("Failed to load SELinux policy. 
> Freezing."); > + return -EIO; > + } else > + log_debug("Unable to load SELinux policy. > Ignoring."); > + } > #endif > > - return 0; > + return 0; > } > -- > 1.9.0