BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(libsmack)
Requires: cryptsetup
%description
*/
#include <cynara-client.h>
#include <cynara-session.h>
+#include <sys/smack.h>
#include <klay/audit/dlog-sink.h>
{
INFO(SINK, "registerNotificationSubscriber");
INFO(SINK, name);
- return runtime::FileDescriptor(subscribeNotification(name), true);
+ int fd = subscribeNotification(name);
+
+ /**
+ * Set @ label so that smack_file_receive() in kernel succeeds in checking
+ * 'w' access between the client and the IPOUT of the socket.
+ */
+ if (smack_fsetlabel(fd, "@", SMACK_LABEL_IPOUT) != 0) {
+ ERROR(SINK, "Setting IPOUT label failed");
+ throw runtime::Exception("Setting IPOUT label failed");
+ }
+
+ return runtime::FileDescriptor(fd, true);
}
int ServerContext::unregisterNotificationSubscriber(const std::string& name, int id)