summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2016-10-20 10:35:08 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2016-10-20 12:00:52 +0200
commit62a07cae0e40181daafdb0204c275af66d0f6d64 (patch)
treeb4a6e88e9b5cd12d3f0eba10fcc7d5b06c4d0fa7 /src
parent18103e986d89b9e329f49d9329d8bc40dffd39eb (diff)
afm-run: set smack attributes to user directory
The home directory for applications of a user that was created by the daemon also gets a security label and encures that there is no transmutation. It also simplifies allocation of the directory string. Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'src')
-rw-r--r--src/afm-run.c44
1 files changed, 31 insertions, 13 deletions
diff --git a/src/afm-run.c b/src/afm-run.c
index c5d1552..425189e 100644
--- a/src/afm-run.c
+++ b/src/afm-run.c
@@ -16,6 +16,8 @@
limitations under the License.
*/
+#define _GNU_SOURCE
+
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
@@ -27,6 +29,13 @@
#include <limits.h>
#include <string.h>
+#include <linux/xattr.h>
+#if SIMULATE_LIBSMACK
+#include "simulation/smack.h"
+#else
+#include <sys/smack.h>
+#endif
+
#include <json-c/json.h>
#include "verbose.h"
@@ -95,6 +104,7 @@ static int runnerid = 0;
* home directory of the user.
*/
static const char fwk_user_app_dir[] = FWK_USER_APP_DIR;
+static const char fwk_user_app_label[] = FWK_USER_APP_DIR_LABEL;
/*
* Path of the root directory for applications of the
@@ -613,7 +623,6 @@ struct json_object *afm_run_state(int runid)
int afm_run_init()
{
char buf[2048];
- char dir[PATH_MAX];
int rc;
uid_t me;
struct passwd passwd, *pw;
@@ -632,25 +641,34 @@ int afm_run_init()
ERROR("getpwuid_r failed for uid=%d: %m",(int)me);
return -1;
}
- rc = snprintf(dir, sizeof dir, "%s/%s", passwd.pw_dir,
- fwk_user_app_dir);
- if (rc >= (int)sizeof dir) {
- ERROR("buffer overflow in user_app_dir for uid=%d",(int)me);
+ rc = asprintf(&homeappdir, "%s/%s", passwd.pw_dir, fwk_user_app_dir);
+ if (rc < 0) {
+ errno = ENOMEM;
+ ERROR("allocating homeappdir for uid=%d failed", (int)me);
return -1;
}
- rc = create_directory(dir, 0755, 1);
+ rc = create_directory(homeappdir, 0755, 1);
if (rc && errno != EEXIST) {
- ERROR("creation of directory %s failed in user_app_dir: %m",
- dir);
+ ERROR("creation of directory %s failed: %m", homeappdir);
+ free(homeappdir);
return -1;
}
- homeappdir = strdup(dir);
- if (homeappdir == NULL) {
- errno = ENOMEM;
- ERROR("out of memory in user_app_dir for %s : %m", dir);
+ rc = smack_remove_label_for_path(homeappdir,
+ XATTR_NAME_SMACKTRANSMUTE, 0);
+ if (rc < 0 && errno != ENODATA) {
+ ERROR("can't remove smack transmutation of directory %s: %m",
+ homeappdir);
+ free(homeappdir);
+ return -1;
+ }
+ rc = smack_set_label_for_path(homeappdir, XATTR_NAME_SMACK, 0,
+ fwk_user_app_label);
+ if (rc < 0) {
+ ERROR("can't set smack label %s to directory %s: %m",
+ fwk_user_app_label, homeappdir);
+ free(homeappdir);
return -1;
}
-
/* install signal handlers */
siga.sa_flags = SA_SIGINFO | SA_NOCLDWAIT;
sigemptyset(&siga.sa_mask);