From d53e386db62ee7f03e7d493ae0e6db7a31a5d811 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 23 Oct 2014 18:06:51 +0200 Subject: smack: rework smack APIs a bit a) always return negative errno error codes b) always become a noop if smack is off c) always take a NULL label as a request to remove it --- src/udev/udev-node.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/udev') diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c index 803d80327..8d5bada5a 100644 --- a/src/udev/udev-node.c +++ b/src/udev/udev-node.c @@ -294,21 +294,25 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, /* apply SECLABEL{$module}=$label */ udev_list_entry_foreach(entry, udev_list_get_entry(seclabel_list)) { const char *name, *label; + int r; name = udev_list_entry_get_name(entry); label = udev_list_entry_get_value(entry); if (streq(name, "selinux")) { selinux = true; + if (mac_selinux_apply(devnode, label) < 0) - log_error("SECLABEL: failed to set SELinux label '%s'", label); + log_error("SECLABEL: failed to set SELinux label '%s': %s", label, strerror(-r)); else log_debug("SECLABEL: set SELinux label '%s'", label); } else if (streq(name, "smack")) { smack = true; - if (mac_smack_apply(devnode, label) < 0) - log_error("SECLABEL: failed to set SMACK label '%s'", label); + + r = mac_smack_apply(devnode, label); + if (r < 0) + log_error("SECLABEL: failed to set SMACK label '%s': %s", label, strerror(-r)); else log_debug("SECLABEL: set SMACK label '%s'", label); -- cgit v1.2.3