From 45b30d15b8bf1dd877f9871951d9c7f66c957769 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Wed, 11 Apr 2012 12:30:53 +0200
Subject: [PATCH] split selinux label operations out of cgroup-util,
socket-util
This prevents linking of selinux and libdl for another 15 binaries.
(cherry picked from commit cc527a4734d636f1ab5a66576cb7e232af3cc261)
Conflicts:
Makefile.am
---
Makefile.am | 111 +++++++++++++++++++++--------------
src/shared/cgroup-label.c | 81 +++++++++++++++++++++++++
src/shared/cgroup-util.c | 45 --------------
src/shared/socket-label.c | 143 +++++++++++++++++++++++++++++++++++++++++++++
src/shared/socket-util.c | 104 ---------------------------------
5 files changed, 291 insertions(+), 193 deletions(-)
create mode 100644 src/shared/cgroup-label.c
create mode 100644 src/shared/socket-label.c
diff --git a/Makefile.am b/Makefile.am
index 87c94b2..27a283e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -564,29 +564,30 @@ libsystemd_shared_la_SOURCES = \
src/shared/pager.c \
src/shared/pager.h \
src/shared/ioprio.h \
+ src/shared/socket-util.c \
+ src/shared/socket-util.h \
+ src/shared/cgroup-util.c \
+ src/shared/cgroup-util.h \
src/shared/list.h \
src/shared/macro.h
# ------------------------------------------------------------------------------
noinst_LTLIBRARIES += \
- libsystemd-shared-selinux.la
+ libsystemd-label.la
-libsystemd_shared_selinux_la_SOURCES = \
- src/shared/cgroup-util.c \
- src/shared/cgroup-util.h \
- src/shared/socket-util.c \
- src/shared/socket-util.h \
+libsystemd_label_la_SOURCES = \
+ src/shared/cgroup-label.c \
+ src/shared/socket-label.c \
src/shared/label.c \
src/shared/label.h \
src/shared/mkdir.c \
src/shared/mkdir.h
-libsystemd_shared_selinux_la_CFLAGS = \
+libsystemd_label_la_CFLAGS = \
$(AM_CFLAGS) \
$(SELINUX_CFLAGS)
-libsystemd_shared_selinux_la_LIBADD = \
- libsystemd-shared.la \
+libsystemd_label_la_LIBADD = \
$(SELINUX_LIBS)
# ------------------------------------------------------------------------------
@@ -775,8 +776,9 @@ libsystemd_core_la_CFLAGS = \
$(KMOD_CFLAGS)
libsystemd_core_la_LIBADD = \
- libsystemd-shared-selinux.la \
libsystemd-capability.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
$(DBUS_LIBS) \
$(UDEV_LIBS) \
$(LIBWRAP_LIBS) \
@@ -832,7 +834,7 @@ test_loopback_SOURCES = \
src/loopback-setup.c
test_loopback_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
test_hostname_SOURCES = \
src/test-hostname.c \
@@ -852,7 +854,8 @@ test_cgroup_SOURCES = \
src/test-cgroup.c
test_cgroup_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
test_env_replace_SOURCES = \
src/test-env-replace.c
@@ -878,7 +881,8 @@ test_install_CFLAGS = \
$(DBUS_CFLAGS)
test_install_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
test_watchdog_SOURCES = \
src/test-watchdog.c \
@@ -924,7 +928,8 @@ systemd_shutdownd_SOURCES = \
src/shutdownd.c
systemd_shutdownd_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-daemon.la
pkginclude_HEADERS += \
@@ -943,7 +948,8 @@ systemd_shutdown_CFLAGS = \
$(UDEV_CFLAGS)
systemd_shutdown_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
$(UDEV_LIBS)
# ------------------------------------------------------------------------------
@@ -963,7 +969,8 @@ systemd_tmpfiles_SOURCES = \
src/tmpfiles.c
systemd_tmpfiles_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_machine_id_setup_SOURCES = \
@@ -971,7 +978,8 @@ systemd_machine_id_setup_SOURCES = \
src/machine-id-main.c
systemd_machine_id_setup_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-id128.la
# ------------------------------------------------------------------------------
@@ -1028,14 +1036,16 @@ systemd_getty_generator_SOURCES = \
src/unit-name.c
systemd_getty_generator_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_rc_local_generator_SOURCES = \
src/rc-local-generator.c
systemd_rc_local_generator_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_remount_api_vfs_SOURCES = \
@@ -1075,7 +1085,8 @@ systemctl_CFLAGS = \
$(DBUS_CFLAGS)
systemctl_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-daemon.la \
libsystemd-journal.la \
libsystemd-id128.la \
@@ -1096,7 +1107,8 @@ systemd_ask_password_SOURCES = \
src/ask-password-api.c
systemd_ask_password_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_reply_password_SOURCES = \
@@ -1111,14 +1123,14 @@ systemd_cgls_SOURCES = \
src/cgroup-show.c
systemd_cgls_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_cgtop_SOURCES = \
src/cgtop.c
systemd_cgtop_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
systemd_nspawn_SOURCES = \
@@ -1126,7 +1138,8 @@ systemd_nspawn_SOURCES = \
src/loopback-setup.c
systemd_nspawn_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-capability.la \
libsystemd-daemon.la
@@ -1190,7 +1203,8 @@ systemd_tty_ask_password_agent_SOURCES = \
src/utmp-wtmp.c
systemd_tty_ask_password_agent_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
# ------------------------------------------------------------------------------
libsystemd_daemon_la_SOURCES = \
@@ -1280,7 +1294,7 @@ test_id128_SOURCES = \
src/test-id128.c
test_id128_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
libsystemd-id128.la
noinst_PROGRAMS += \
@@ -1340,7 +1354,8 @@ nodist_systemd_journald_SOURCES = \
systemd_journald_CFLAGS =
systemd_journald_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-audit.la \
libsystemd-daemon.la \
libsystemd-login.la \
@@ -1367,7 +1382,7 @@ systemd_cat_SOURCES = \
src/journal/cat.c
systemd_cat_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
libsystemd-journal.la
journalctl_SOURCES = \
@@ -1375,7 +1390,7 @@ journalctl_SOURCES = \
src/logs-show.c
journalctl_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
libsystemd-journal.la \
libsystemd-id128.la
@@ -1397,7 +1412,8 @@ test_journal_SOURCES = \
src/journal/journal-send.c
test_journal_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-id128.la
if HAVE_XZ
@@ -1416,7 +1432,7 @@ test_journal_send_SOURCES = \
src/journal/test-journal-send.c
test_journal_send_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
libsystemd-journal.la
libsystemd_journal_la_SOURCES = \
@@ -1436,7 +1452,7 @@ libsystemd_journal_la_LDFLAGS = \
-Wl,--version-script=$(top_srcdir)/src/journal/libsystemd-journal.sym
libsystemd_journal_la_LIBADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
libsystemd-id128.la
if HAVE_XZ
@@ -1533,7 +1549,8 @@ systemd_coredump_SOURCES = \
systemd_coredump_LDADD = \
libsystemd-journal.la \
libsystemd-login.la \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
rootlibexec_PROGRAMS += \
systemd-coredump
@@ -1707,7 +1724,8 @@ systemd_random_seed_SOURCES = \
src/random-seed.c
systemd_random_seed_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
randomseed-install-data-hook:
$(MKDIR_P) -m 0755 \
@@ -1745,7 +1763,8 @@ systemd_cryptsetup_CFLAGS = \
$(UDEV_CFLAGS)
systemd_cryptsetup_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
$(UDEV_LIBS) \
$(LIBCRYPTSETUP_LIBS)
@@ -1754,7 +1773,8 @@ systemd_cryptsetup_generator_SOURCES = \
src/unit-name.c
systemd_cryptsetup_generator_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-label.la \
+ libsystemd-shared.la
cryptsetup-install-data-hook:
$(MKDIR_P) -m 0755 \
@@ -1830,7 +1850,8 @@ systemd_localed_CFLAGS = \
$(DBUS_CFLAGS)
systemd_localed_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-daemon.la \
$(DBUS_LIBS)
@@ -1961,7 +1982,8 @@ systemd_logind_CFLAGS = \
$(DBUS_CFLAGS)
systemd_logind_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
libsystemd-audit.la \
libsystemd-daemon.la \
$(UDEV_LIBS) \
@@ -1979,7 +2001,7 @@ systemd_user_sessions_SOURCES = \
src/login/user-sessions.c
systemd_user_sessions_LDADD = \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
rootlibexec_PROGRAMS += \
systemd-logind \
@@ -1997,7 +2019,7 @@ loginctl_CFLAGS = \
$(UDEV_CFLAGS)
loginctl_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
$(DBUS_LIBS) \
$(UDEV_LIBS)
@@ -2009,7 +2031,7 @@ test_login_SOURCES = \
test_login_LDADD = \
libsystemd-login.la \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
noinst_PROGRAMS += \
test-login
@@ -2028,7 +2050,7 @@ libsystemd_login_la_LDFLAGS = \
-Wl,--version-script=$(top_srcdir)/src/login/libsystemd-login.sym
libsystemd_login_la_LIBADD = \
- libsystemd-shared-selinux.la
+ libsystemd-shared.la
if HAVE_PAM
pam_systemd_la_SOURCES = \
@@ -2052,7 +2074,7 @@ pam_systemd_la_LDFLAGS = \
pam_systemd_la_LIBADD = \
libsystemd-daemon.la \
libsystemd-audit.la \
- libsystemd-shared-selinux.la \
+ libsystemd-shared.la \
$(PAM_LIBS) \
$(DBUS_LIBS)
@@ -2127,7 +2149,8 @@ systemd_multi_seat_x_CFLAGS = \
$(UDEV_CFLAGS)
systemd_multi_seat_x_LDADD = \
- libsystemd-shared-selinux.la \
+ libsystemd-label.la \
+ libsystemd-shared.la \
$(UDEV_LIBS)
rootlibexec_PROGRAMS += \
diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c
new file mode 100644
index 0000000..f9a42c6
--- /dev/null
+++ b/src/shared/cgroup-label.c
@@ -0,0 +1,81 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <ftw.h>
+
+#include "cgroup-util.h"
+#include "log.h"
+#include "set.h"
+#include "macro.h"
+#include "util.h"
+#include "mkdir.h"
+
+int cg_create(const char *controller, const char *path) {
+ char *fs;
+ int r;
+
+ assert(controller);
+ assert(path);
+
+ if ((r = cg_get_path(controller, path, NULL, &fs)) < 0)
+ return r;
+
+ r = mkdir_parents(fs, 0755);
+
+ if (r >= 0) {
+ if (mkdir(fs, 0755) >= 0)
+ r = 1;
+ else if (errno == EEXIST)
+ r = 0;
+ else
+ r = -errno;
+ }
+
+ free(fs);
+
+ return r;
+}
+
+int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
+ int r, q;
+
+ assert(controller);
+ assert(path);
+ assert(pid >= 0);
+
+ if ((r = cg_create(controller, path)) < 0)
+ return r;
+
+ if ((q = cg_attach(controller, path, pid)) < 0)
+ return q;
+
+ /* This does not remove the cgroup on failure */
+
+ return r;
+}
diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c
index 5647624..ad677d4 100644
--- a/src/shared/cgroup-util.c
+++ b/src/shared/cgroup-util.c
@@ -34,7 +34,6 @@
#include "set.h"
#include "macro.h"
#include "util.h"
-#include "mkdir.h"
int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
char *fs;
@@ -638,32 +637,6 @@ int cg_delete(const char *controller, const char *path) {
return r == -ENOENT ? 0 : r;
}
-int cg_create(const char *controller, const char *path) {
- char *fs;
- int r;
-
- assert(controller);
- assert(path);
-
- if ((r = cg_get_path(controller, path, NULL, &fs)) < 0)
- return r;
-
- r = mkdir_parents(fs, 0755);
-
- if (r >= 0) {
- if (mkdir(fs, 0755) >= 0)
- r = 1;
- else if (errno == EEXIST)
- r = 0;
- else
- r = -errno;
- }
-
- free(fs);
-
- return r;
-}
-
int cg_attach(const char *controller, const char *path, pid_t pid) {
char *fs;
int r;
@@ -688,24 +661,6 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
return r;
}
-int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
- int r, q;
-
- assert(controller);
- assert(path);
- assert(pid >= 0);
-
- if ((r = cg_create(controller, path)) < 0)
- return r;
-
- if ((q = cg_attach(controller, path, pid)) < 0)
- return q;
-
- /* This does not remove the cgroup on failure */
-
- return r;
-}
-
int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) {
char *fs;
int r;
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
new file mode 100644
index 0000000..9ab07a9
--- /dev/null
+++ b/src/shared/socket-label.c
@@ -0,0 +1,143 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <assert.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <net/if.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stddef.h>
+#include <sys/ioctl.h>
+
+#include "macro.h"
+#include "util.h"
+#include "mkdir.h"
+#include "socket-util.h"
+#include "missing.h"
+#include "label.h"
+
+int socket_address_listen(
+ const SocketAddress *a,
+ int backlog,
+ SocketAddressBindIPv6Only only,
+ const char *bind_to_device,
+ bool free_bind,
+ bool transparent,
+ mode_t directory_mode,
+ mode_t socket_mode,
+ const char *label,
+ int *ret) {
+
+ int r, fd, one;
+ assert(a);
+ assert(ret);
+
+ if ((r = socket_address_verify(a)) < 0)
+ return r;
+
+ if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
+ return -EAFNOSUPPORT;
+
+ r = label_socket_set(label);
+ if (r < 0)
+ return r;
+
+ fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
+ r = fd < 0 ? -errno : 0;
+
+ label_socket_clear();
+
+ if (r < 0)
+ return r;
+
+ if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
+ int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
+
+ if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
+ goto fail;
+ }
+
+ if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
+ if (bind_to_device)
+ if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
+ goto fail;
+
+ if (free_bind) {
+ one = 1;
+ if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
+ log_warning("IP_FREEBIND failed: %m");
+ }
+
+ if (transparent) {
+ one = 1;
+ if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
+ log_warning("IP_TRANSPARENT failed: %m");
+ }
+ }
+
+ one = 1;
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
+ goto fail;
+
+ if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
+ mode_t old_mask;
+
+ /* Create parents */
+ mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
+
+ /* Enforce the right access mode for the socket*/
+ old_mask = umask(~ socket_mode);
+
+ /* Include the original umask in our mask */
+ umask(~socket_mode | old_mask);
+
+ r = label_bind(fd, &a->sockaddr.sa, a->size);
+
+ if (r < 0 && errno == EADDRINUSE) {
+ /* Unlink and try again */
+ unlink(a->sockaddr.un.sun_path);
+ r = bind(fd, &a->sockaddr.sa, a->size);
+ }
+
+ umask(old_mask);
+ } else
+ r = bind(fd, &a->sockaddr.sa, a->size);
+
+ if (r < 0)
+ goto fail;
+
+ if (socket_address_can_accept(a))
+ if (listen(fd, backlog) < 0)
+ goto fail;
+
+ *ret = fd;
+ return 0;
+
+fail:
+ r = -errno;
+ close_nointr_nofail(fd);
+ return r;
+}
diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c
index 554f8ac..618c928 100644
--- a/src/shared/socket-util.c
+++ b/src/shared/socket-util.c
@@ -37,7 +37,6 @@
#include "mkdir.h"
#include "socket-util.h"
#include "missing.h"
-#include "label.h"
int socket_address_parse(SocketAddress *a, const char *s) {
int r;
@@ -384,109 +383,6 @@ int socket_address_print(const SocketAddress *a, char **p) {
}
}
-int socket_address_listen(
- const SocketAddress *a,
- int backlog,
- SocketAddressBindIPv6Only only,
- const char *bind_to_device,
- bool free_bind,
- bool transparent,
- mode_t directory_mode,
- mode_t socket_mode,
- const char *label,
- int *ret) {
-
- int r, fd, one;
- assert(a);
- assert(ret);
-
- if ((r = socket_address_verify(a)) < 0)
- return r;
-
- if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
- return -EAFNOSUPPORT;
-
- r = label_socket_set(label);
- if (r < 0)
- return r;
-
- fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
- r = fd < 0 ? -errno : 0;
-
- label_socket_clear();
-
- if (r < 0)
- return r;
-
- if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
- int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
-
- if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
- goto fail;
- }
-
- if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
- if (bind_to_device)
- if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
- goto fail;
-
- if (free_bind) {
- one = 1;
- if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
- log_warning("IP_FREEBIND failed: %m");
- }
-
- if (transparent) {
- one = 1;
- if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
- log_warning("IP_TRANSPARENT failed: %m");
- }
- }
-
- one = 1;
- if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
- goto fail;
-
- if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
- mode_t old_mask;
-
- /* Create parents */
- mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
-
- /* Enforce the right access mode for the socket*/
- old_mask = umask(~ socket_mode);
-
- /* Include the original umask in our mask */
- umask(~socket_mode | old_mask);
-
- r = label_bind(fd, &a->sockaddr.sa, a->size);
-
- if (r < 0 && errno == EADDRINUSE) {
- /* Unlink and try again */
- unlink(a->sockaddr.un.sun_path);
- r = bind(fd, &a->sockaddr.sa, a->size);
- }
-
- umask(old_mask);
- } else
- r = bind(fd, &a->sockaddr.sa, a->size);
-
- if (r < 0)
- goto fail;
-
- if (socket_address_can_accept(a))
- if (listen(fd, backlog) < 0)
- goto fail;
-
- *ret = fd;
- return 0;
-
-fail:
- r = -errno;
- close_nointr_nofail(fd);
- return r;
-}
-
bool socket_address_can_accept(const SocketAddress *a) {
assert(a);
distrib
>
Fedora
>
17
>
i386
>
media
>
updates-src
>
by-pkgid
>
ab4b662b9827b6375ffd451bf4abd615
>
files
>
73
