smf: switch to a tri-state for process-security properties true=on,false=off,nil=default

*** 3169,3187 **** err = mc_error_create(err, EINVAL, "couldn't fetch " "default security-flags"); goto out; } ! if (strcmp(cip->vbuf, ":default") == 0) { ! if (secflags_parse(&cip->def_secflags.psf_inherit, "default", ! &cip->secflag_delta) != 0) { ! err = mc_error_create(err, EINVAL, "couldn't parse " ! "security flags: %s", cip->vbuf); ! goto out; ! } ! } else { ! if (secflags_parse(&cip->def_secflags.psf_inherit, cip->vbuf, &cip->secflag_delta) != 0) { err = mc_error_create(err, EINVAL, "couldn't parse " "security flags: %s", cip->vbuf); goto out; } --- 3169,3180 ---- err = mc_error_create(err, EINVAL, "couldn't fetch " "default security-flags"); goto out; } ! if (strcmp(cip->vbuf, ":default") != 0) { ! if (secflags_parse(NULL, cip->vbuf, &cip->secflag_delta) != 0) { err = mc_error_create(err, EINVAL, "couldn't parse " "security flags: %s", cip->vbuf); goto out; }
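Review bot: On the new side of this hunk (3169,3180) the `:default` case no longer writes `cip->secflag_delta` at all, and the 3424,3433 hunk removes the only write on that path too, yet the 3592,3625 hunk still passes `&cip->secflag_delta` to `psecflags(P_PID, P_MYID, PSF_INHERIT, ...)` unconditionally. That is only safe if `cip` is zero-filled when it is allocated, which is not visible here. If it is, a comment such as `/* ":default": secflag_delta stays zeroed, so only the system defaults apply */` would record the dependency; otherwise add an `else` arm with `(void) memset(&cip->secflag_delta, 0, sizeof (cip->secflag_delta));`. The enclosing function starts and ends outside the hunk.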
*** 3431,3447 **** if (scf_default_secflags(h, &cip->def_secflags) != 0) { err = mc_error_create(err, EINVAL, "couldn't fetch " "default security-flags"); goto out; } - - if (secflags_parse(&cip->def_secflags.psf_inherit, "default", - &cip->secflag_delta) != 0) { - err = mc_error_create(err, EINVAL, "couldn't parse " - "security flags: %s", cip->vbuf); - goto out; - } } *mcpp = cip; out: --- 3424,3433 ----
*** 3510,3520 **** int restarter_set_method_context(struct method_context *cip, const char **fp) { pid_t mypid = -1; int r, ret; - secflagdelta_t delta = {0}; cip->pwbuf = NULL; *fp = NULL; if (cip->gid != (gid_t)-1) { --- 3496,3505 ----
*** 3607,3644 **** goto out; } } - delta.psd_ass_active = B_TRUE; - secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_inherit); if (psecflags(P_PID, P_MYID, PSF_INHERIT, ! &delta) != 0) { ! *fp = "psecflags (inherit defaults)"; ret = errno; goto out; } ! if (psecflags(P_PID, P_MYID, PSF_INHERIT, ! &cip->secflag_delta) != 0) { ! *fp = "psecflags (inherit)"; ret = errno; goto out; } ! secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_lower); ! if (psecflags(P_PID, P_MYID, PSF_LOWER, ! &delta) != 0) { ! *fp = "psecflags (lower)"; ret = errno; goto out; } ! secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_upper); ! if (psecflags(P_PID, P_MYID, PSF_UPPER, ! &delta) != 0) { ! *fp = "psecflags (upper)"; ret = errno; goto out; } if (restarter_rm_libs_loadable()) { --- 3592,3625 ---- goto out; } } if (psecflags(P_PID, P_MYID, PSF_INHERIT, ! &cip->def_secflags.ss_default) != 0) { ! *fp = "psecflags (default inherit)"; ret = errno; goto out; } ! if (psecflags(P_PID, P_MYID, PSF_LOWER, ! &cip->def_secflags.ss_lower) != 0) { ! *fp = "psecflags (default lower)"; ret = errno; goto out; } ! if (psecflags(P_PID, P_MYID, PSF_UPPER, ! &cip->def_secflags.ss_upper) != 0) { ! *fp = "psecflags (default upper)"; ret = errno; goto out; } ! if (psecflags(P_PID, P_MYID, PSF_INHERIT, ! &cip->secflag_delta) != 0) { ! *fp = "psecflags (from manifest)"; ret = errno; goto out; } if (restarter_rm_libs_loadable()) {
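Review bot: The order of the four `psecflags()` calls now carries the security policy, but nothing in the code says so: the manifest delta is applied last, after the default inherit, lower and upper sets, where the old code applied it before the bounds. Presumably the intent is that a manifest request outside the configured bounds makes the call fail and the method not start, rather than run with unintended flags; that should be confirmed against the `psecflags` semantics. A comment above the first call would keep a later edit from reordering them, for example `/* Defaults and bounds first; the manifest delta goes last so it is applied against the final lower/upper sets. */`. `restarter_set_method_context` begins in the 3496 hunk and continues past this one.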