For NFS mounts if we call mkdir() on a read-only mount (such as when
we've created a read-only bind mount) the kernel will nor return EEXIST
even when the directory exists, instead returning EROFS.
So, we add (and use) an ensure_dir() helper that stats before calling
mkdir.
Closes: #258
Approved by: giuseppe
It's shorter and more reliable. Also GCC/CLang specific, but that's
fine because that's all we support anyways.
Closes: #69Closes: #70
Approved by: mrunalp
All calls to set an SELinux label should call this function
die_unless_label_valid (opt_exec_label);
It will make sure SELinux is enabled and will make sure the user passed in a
valid label.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes: #53
Approved by: cgwalters
In particular `format` is important for validating strings. Luckily
we don't have any new warnings.
`noreturn` is mostly just helps avoid other warnings from unreachable
code.
Closes: #51
Approved by: rhatdan
Verify you are getting a valid SELinux label before proceeding. Some
SELinux checks were broken.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes: #43
Approved by: cgwalters
GCC was failing this because write is marked warn_unused_result.
Assigning it to a attribute unused variable is apparently "better"
than casting it to void...
Also, we avoid taking this path at all if event_fd is -1.
Closes: #32
Approved by: alexlarsson
If they already exist as a regular file then we don't need to create
it, which is good because doing so would break if the filesystem
is readonly. I.e. that returns EROFS instead of EEXISTS in that case.
