eudev/src/socket-util.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#ifndef foosocketutilhfoo
#define foosocketutilhfoo

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/un.h>
#include <net/if.h>

#include "macro.h"
#include "util.h"

union sockaddr_union {
        struct sockaddr sa;
        struct sockaddr_in in4;
        struct sockaddr_in6 in6;
        struct sockaddr_un un;
        struct sockaddr_storage storage;
};

typedef struct SocketAddress {
        union sockaddr_union sockaddr;

        /* We store the size here explicitly due to the weird
         * sockaddr_un semantics for abstract sockets */
        socklen_t size;

        /* Socket type, i.e. SOCK_STREAM, SOCK_DGRAM, ... */
        int type;
} SocketAddress;

typedef enum SocketAddressBindIPv6Only {
        SOCKET_ADDRESS_DEFAULT,
        SOCKET_ADDRESS_BOTH,
        SOCKET_ADDRESS_IPV6_ONLY,
        _SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX,
        _SOCKET_ADDRESS_BIND_IPV6_ONLY_INVALID = -1
} SocketAddressBindIPv6Only;

#define socket_address_family(a) ((a)->sockaddr.sa.sa_family)

int socket_address_parse(SocketAddress *a, const char *s);
int socket_address_print(const SocketAddress *a, char **p);
int socket_address_verify(const SocketAddress *a);

bool socket_address_can_accept(const SocketAddress *a);

int socket_address_listen(
                const SocketAddress *a,
                int backlog,
                SocketAddressBindIPv6Only only,
                const char *bind_to_device,
                bool free_bind,
                mode_t directory_mode,
                mode_t socket_mode,
                const char *label,
                int *ret);

bool socket_address_is(const SocketAddress *a, const char *s, int type);

bool socket_address_equal(const SocketAddress *a, const SocketAddress *b);

bool socket_address_needs_mount(const SocketAddress *a, const char *prefix);

const char* socket_address_bind_ipv6_only_to_string(SocketAddressBindIPv6Only b);
SocketAddressBindIPv6Only socket_address_bind_ipv6_only_from_string(const char *s);

bool socket_ipv6_is_supported(void);

#endif
emacs: disable tabs in .h files, too 2010-08-17 08:33:07 +07:00			`/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/`
parse socket files properly 2010-01-19 08:56:37 +07:00
			`#ifndef foosocketutilhfoo`
			`#define foosocketutilhfoo`

license: add GPLv2+ license blurbs everwhere 2010-02-03 19:03:47 +07:00			`/***`
			`This file is part of systemd.`

			`Copyright 2010 Lennart Poettering`

			`systemd is free software; you can redistribute it and/or modify it`
			`under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`systemd is distributed in the hope that it will be useful, but`
			`WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with systemd; If not, see <http://www.gnu.org/licenses/>.`
			`***/`

parse socket files properly 2010-01-19 08:56:37 +07:00			`#include <sys/socket.h>`
			`#include <netinet/in.h>`
			`#include <sys/un.h>`
yay, we can start socket units 2010-01-27 10:31:52 +07:00			`#include <net/if.h>`
parse socket files properly 2010-01-19 08:56:37 +07:00
			`#include "macro.h"`
			`#include "util.h"`

systemctl: add support for delayed shutdown, similar to sysv in style 2010-08-16 20:37:52 +07:00			`union sockaddr_union {`
			`struct sockaddr sa;`
			`struct sockaddr_in in4;`
			`struct sockaddr_in6 in6;`
			`struct sockaddr_un un;`
			`struct sockaddr_storage storage;`
			`};`

rework socket handling 2010-01-23 09:35:54 +07:00			`typedef struct SocketAddress {`
systemctl: add support for delayed shutdown, similar to sysv in style 2010-08-16 20:37:52 +07:00			`union sockaddr_union sockaddr;`
parse socket files properly 2010-01-19 08:56:37 +07:00
			`/* We store the size here explicitly due to the weird`
			`* sockaddr_un semantics for abstract sockets */`
			`socklen_t size;`

			`/* Socket type, i.e. SOCK_STREAM, SOCK_DGRAM, ... */`
			`int type;`
rework socket handling 2010-01-23 09:35:54 +07:00			`} SocketAddress;`
parse socket files properly 2010-01-19 08:56:37 +07:00
rework socket handling 2010-01-23 09:35:54 +07:00			`typedef enum SocketAddressBindIPv6Only {`
			`SOCKET_ADDRESS_DEFAULT,`
			`SOCKET_ADDRESS_BOTH,`
socket: fix parsing of bind_ipv6_only 2010-05-22 04:41:25 +07:00			`SOCKET_ADDRESS_IPV6_ONLY,`
			`_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX,`
			`_SOCKET_ADDRESS_BIND_IPV6_ONLY_INVALID = -1`
rework socket handling 2010-01-23 09:35:54 +07:00			`} SocketAddressBindIPv6Only;`
parse socket files properly 2010-01-19 08:56:37 +07:00
rework socket handling 2010-01-23 09:35:54 +07:00			`#define socket_address_family(a) ((a)->sockaddr.sa.sa_family)`
parse socket files properly 2010-01-19 08:56:37 +07:00
rework socket handling 2010-01-23 09:35:54 +07:00			`int socket_address_parse(SocketAddress a, const char s);`
			`int socket_address_print(const SocketAddress a, char *p);`
			`int socket_address_verify(const SocketAddress *a);`
socket: allow configuration of socket/directory mode 2010-02-12 08:02:14 +07:00
socket: optionally call accept() for incoming connections and spawn one service instance per connection 2010-04-15 11:19:54 +07:00			`bool socket_address_can_accept(const SocketAddress *a);`

socket: allow configuration of socket/directory mode 2010-02-12 08:02:14 +07:00			`int socket_address_listen(`
			`const SocketAddress *a,`
			`int backlog,`
			`SocketAddressBindIPv6Only only,`
			`const char *bind_to_device,`
socket: make various socket/pipe options configurable 2010-07-01 05:29:17 +07:00			`bool free_bind,`
socket: allow configuration of socket/directory mode 2010-02-12 08:02:14 +07:00			`mode_t directory_mode,`
			`mode_t socket_mode,`
Systemd is causing mislabeled devices to be created and then attempting to read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e 2010-07-28 20:39:54 +07:00			`const char *label,`
socket: allow configuration of socket/directory mode 2010-02-12 08:02:14 +07:00			`int *ret);`
parse socket files properly 2010-01-19 08:56:37 +07:00
socket: verify socket type properly when desrializing 2010-06-05 05:52:30 +07:00			`bool socket_address_is(const SocketAddress a, const char s, int type);`
reload: implement reload/reexec logic 2010-04-21 08:27:44 +07:00
			`bool socket_address_equal(const SocketAddress a, const SocketAddress b);`

units: rework automatic dependency logic between automounts, mounts, sockets, swaps 2010-05-13 08:07:16 +07:00			`bool socket_address_needs_mount(const SocketAddress a, const char prefix);`

socket: fix parsing of bind_ipv6_only 2010-05-22 04:41:25 +07:00			`const char* socket_address_bind_ipv6_only_to_string(SocketAddressBindIPv6Only b);`
			`SocketAddressBindIPv6Only socket_address_bind_ipv6_only_from_string(const char *s);`

socket: Support IPv6-less systems with runtime check. This patch introduces socket_ipv6_is_supported() call that checks for IPv6 availability. Code then check for it before using specific calls. In order to be less intrusive, this patch avoids IPv6 entries being parsed at all, this way we don't get such entries in the system and all other code paths are automatically ignored. However an extra check is done at socket_address_listen() to make sure of that. As the number of Netlink messages is not know upfront anymore, loopback-setup.c was refactored to dynamically calculate the sequence number and count. Lennart's suggestions were fixed and squashed with the original patch, that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi). 2010-09-21 02:33:14 +07:00			`bool socket_ipv6_is_supported(void);`

parse socket files properly 2010-01-19 08:56:37 +07:00			`#endif`