smf: switch to a tri-state for process-security properties true=on,false=off,nil=default
*** 3169,3187 ****
err = mc_error_create(err, EINVAL, "couldn't fetch "
"default security-flags");
goto out;
}
! if (strcmp(cip->vbuf, ":default") == 0) {
! if (secflags_parse(&cip->def_secflags.psf_inherit, "default",
! &cip->secflag_delta) != 0) {
! err = mc_error_create(err, EINVAL, "couldn't parse "
! "security flags: %s", cip->vbuf);
! goto out;
! }
! } else {
! if (secflags_parse(&cip->def_secflags.psf_inherit, cip->vbuf,
&cip->secflag_delta) != 0) {
err = mc_error_create(err, EINVAL, "couldn't parse "
"security flags: %s", cip->vbuf);
goto out;
}
--- 3169,3180 ----
err = mc_error_create(err, EINVAL, "couldn't fetch "
"default security-flags");
goto out;
}
! if (strcmp(cip->vbuf, ":default") != 0) {
! if (secflags_parse(NULL, cip->vbuf,
&cip->secflag_delta) != 0) {
err = mc_error_create(err, EINVAL, "couldn't parse "
"security flags: %s", cip->vbuf);
goto out;
}
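Review bot: When the property value is `:default`, the new branch skips `secflags_parse()` entirely, so `cip->secflag_delta` keeps whatever it held at allocation, yet the fourth hunk still passes it to `psecflags(P_PID, P_MYID, PSF_INHERIT, &cip->secflag_delta)` unconditionally. That call is only a no-op if `cip` is zero-filled when allocated, which is not visible here; the same applies to the path in the second hunk (old lines 3431-3447), where the `"default"` parse was removed. I would make the assumption explicit, either with a comment such as `/* :default: secflag_delta stays zeroed, i.e. an empty delta */` or by clearing it before the check with `(void) memset(&cip->secflag_delta, 0, sizeof (cip->secflag_delta));`. Passing `NULL` as the defaults argument also means that a value containing a `default` token other than the `:default` sentinel now depends on how `secflags_parse()` handles a NULL set, which is worth confirming. The enclosing function starts and ends outside the hunk.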
*** 3431,3447 ****
if (scf_default_secflags(h, &cip->def_secflags) != 0) {
err = mc_error_create(err, EINVAL, "couldn't fetch "
"default security-flags");
goto out;
}
-
- if (secflags_parse(&cip->def_secflags.psf_inherit, "default",
- &cip->secflag_delta) != 0) {
- err = mc_error_create(err, EINVAL, "couldn't parse "
- "security flags: %s", cip->vbuf);
- goto out;
- }
}
*mcpp = cip;
out:
--- 3424,3433 ----
*** 3510,3520 ****
int
restarter_set_method_context(struct method_context *cip, const char **fp)
{
pid_t mypid = -1;
int r, ret;
- secflagdelta_t delta = {0};
cip->pwbuf = NULL;
*fp = NULL;
if (cip->gid != (gid_t)-1) {
--- 3496,3505 ----
*** 3607,3644 ****
goto out;
}
}
- delta.psd_ass_active = B_TRUE;
- secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_inherit);
if (psecflags(P_PID, P_MYID, PSF_INHERIT,
! &delta) != 0) {
! *fp = "psecflags (inherit defaults)";
ret = errno;
goto out;
}
! if (psecflags(P_PID, P_MYID, PSF_INHERIT,
! &cip->secflag_delta) != 0) {
! *fp = "psecflags (inherit)";
ret = errno;
goto out;
}
! secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_lower);
! if (psecflags(P_PID, P_MYID, PSF_LOWER,
! &delta) != 0) {
! *fp = "psecflags (lower)";
ret = errno;
goto out;
}
! secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_upper);
! if (psecflags(P_PID, P_MYID, PSF_UPPER,
! &delta) != 0) {
! *fp = "psecflags (upper)";
ret = errno;
goto out;
}
if (restarter_rm_libs_loadable()) {
--- 3592,3625 ----
goto out;
}
}
if (psecflags(P_PID, P_MYID, PSF_INHERIT,
! &cip->def_secflags.ss_default) != 0) {
! *fp = "psecflags (default inherit)";
ret = errno;
goto out;
}
! if (psecflags(P_PID, P_MYID, PSF_LOWER,
! &cip->def_secflags.ss_lower) != 0) {
! *fp = "psecflags (default lower)";
ret = errno;
goto out;
}
! if (psecflags(P_PID, P_MYID, PSF_UPPER,
! &cip->def_secflags.ss_upper) != 0) {
! *fp = "psecflags (default upper)";
ret = errno;
goto out;
}
! if (psecflags(P_PID, P_MYID, PSF_INHERIT,
! &cip->secflag_delta) != 0) {
! *fp = "psecflags (from manifest)";
ret = errno;
goto out;
}
if (restarter_rm_libs_loadable()) {
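Review bot: The four `psecflags()` calls are order-dependent and nothing in the code says so: the system defaults for the inherit, lower and upper sets are installed first, and the manifest delta is applied to the inherit set last, so it is checked against the bounds already in place. As far as the hunk shows, a manifest that asks for a flag outside the default upper set, or drops one held in the lower set, would fail the method with `psecflags (from manifest)` rather than start the service with weaker flags; that fail-closed result looks intended but should be written down. I would add above the first call `/* Install system defaults first; the manifest delta is then bounded by lower/upper. */`. `restarter_set_method_context()` continues outside the hunk.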