smf: switch to a tri-state for process-security properties true=on,false=off,nil=default
@@ -3169,19 +3169,12 @@
err = mc_error_create(err, EINVAL, "couldn't fetch "
"default security-flags");
goto out;
}
- if (strcmp(cip->vbuf, ":default") == 0) {
- if (secflags_parse(&cip->def_secflags.psf_inherit, "default",
- &cip->secflag_delta) != 0) {
- err = mc_error_create(err, EINVAL, "couldn't parse "
- "security flags: %s", cip->vbuf);
- goto out;
- }
- } else {
- if (secflags_parse(&cip->def_secflags.psf_inherit, cip->vbuf,
+ if (strcmp(cip->vbuf, ":default") != 0) {
+ if (secflags_parse(NULL, cip->vbuf,
&cip->secflag_delta) != 0) {
err = mc_error_create(err, EINVAL, "couldn't parse "
"security flags: %s", cip->vbuf);
goto out;
}
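Review bot: On the `:default` path the new code no longer writes `cip->secflag_delta` at all, and the hunk at -3431 removes the other call that initialised it. The hunk at -3607 still passes `&cip->secflag_delta` to `psecflags(P_PID, P_MYID, PSF_INHERIT, ...)` unconditionally. That call is only a no-op if the structure was zeroed when `cip` was allocated, which is not visible here; confirm it, or make it explicit with `(void) memset(&cip->secflag_delta, 0, sizeof (cip->secflag_delta));` before the `strcmp`. Passing `NULL` as the defaults argument presumably also changes how a `default` token inside an explicit flag list is handled, so a one-line comment stating the intended behaviour would help. The enclosing function begins and ends outside the hunk.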
@@ -3431,17 +3424,10 @@
if (scf_default_secflags(h, &cip->def_secflags) != 0) {
err = mc_error_create(err, EINVAL, "couldn't fetch "
"default security-flags");
goto out;
}
-
- if (secflags_parse(&cip->def_secflags.psf_inherit, "default",
- &cip->secflag_delta) != 0) {
- err = mc_error_create(err, EINVAL, "couldn't parse "
- "security flags: %s", cip->vbuf);
- goto out;
- }
}
*mcpp = cip;
out:
@@ -3510,11 +3496,10 @@
int
restarter_set_method_context(struct method_context *cip, const char **fp)
{
pid_t mypid = -1;
int r, ret;
- secflagdelta_t delta = {0};
cip->pwbuf = NULL;
*fp = NULL;
if (cip->gid != (gid_t)-1) {
@@ -3607,38 +3592,34 @@
goto out;
}
}
- delta.psd_ass_active = B_TRUE;
- secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_inherit);
if (psecflags(P_PID, P_MYID, PSF_INHERIT,
- &delta) != 0) {
- *fp = "psecflags (inherit defaults)";
+ &cip->def_secflags.ss_default) != 0) {
+ *fp = "psecflags (default inherit)";
ret = errno;
goto out;
}
- if (psecflags(P_PID, P_MYID, PSF_INHERIT,
- &cip->secflag_delta) != 0) {
- *fp = "psecflags (inherit)";
+ if (psecflags(P_PID, P_MYID, PSF_LOWER,
+ &cip->def_secflags.ss_lower) != 0) {
+ *fp = "psecflags (default lower)";
ret = errno;
goto out;
}
- secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_lower);
- if (psecflags(P_PID, P_MYID, PSF_LOWER,
- &delta) != 0) {
- *fp = "psecflags (lower)";
+ if (psecflags(P_PID, P_MYID, PSF_UPPER,
+ &cip->def_secflags.ss_upper) != 0) {
+ *fp = "psecflags (default upper)";
ret = errno;
goto out;
}
- secflags_copy(&delta.psd_assign, &cip->def_secflags.psf_upper);
- if (psecflags(P_PID, P_MYID, PSF_UPPER,
- &delta) != 0) {
- *fp = "psecflags (upper)";
+ if (psecflags(P_PID, P_MYID, PSF_INHERIT,
+ &cip->secflag_delta) != 0) {
+ *fp = "psecflags (from manifest)";
ret = errno;
goto out;
}
if (restarter_rm_libs_loadable()) {
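Review bot: The order of the four `psecflags()` calls now matters for security and deserves a comment, because the manifest delta is applied last, after the default lower and upper sets. Assuming the kernel checks an inherit change against the process's current bounds, a manifest can then no longer request flags outside the system-wide limits, and a conflict is reported as `psecflags (from manifest)`. A comment such as `/* Defaults first, manifest last: the service's delta must fit inside the default lower/upper bounds. */` above the first call would keep a later reorder from weakening this. Also confirm that applying the default inherit set before the lower and upper sets cannot fail when the defaults tighten both at once. The body of `restarter_set_method_context` continues outside the hunk.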