]> err.no Git - systemd/commitdiff
split selinux label operations out of cgroup-util, socket-util
authorKay Sievers <kay@vrfy.org>
Wed, 11 Apr 2012 10:30:53 +0000 (12:30 +0200)
committerKay Sievers <kay@vrfy.org>
Wed, 11 Apr 2012 10:49:00 +0000 (12:49 +0200)
This prevents linking of selinux and libdl for another 15 binaries.

Makefile.am
src/shared/cgroup-label.c [new file with mode: 0644]
src/shared/cgroup-util.c
src/shared/socket-label.c [new file with mode: 0644]
src/shared/socket-util.c

index 6d27b7d0da7e740803ca2568dab3e4fdd27d3eb2..07b30ebd1e16ddba8447f1ffc92f770ca5bcedcc 100644 (file)
@@ -575,29 +575,30 @@ libsystemd_shared_la_SOURCES = \
        src/shared/pager.c \
        src/shared/pager.h \
        src/shared/ioprio.h \
+       src/shared/socket-util.c \
+       src/shared/socket-util.h \
+       src/shared/cgroup-util.c \
+       src/shared/cgroup-util.h \
        src/shared/list.h \
        src/shared/macro.h
 
 # ------------------------------------------------------------------------------
 noinst_LTLIBRARIES += \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la
 
-libsystemd_shared_selinux_la_SOURCES = \
-       src/shared/cgroup-util.c \
-       src/shared/cgroup-util.h \
-       src/shared/socket-util.c \
-       src/shared/socket-util.h \
+libsystemd_label_la_SOURCES = \
+       src/shared/cgroup-label.c \
+       src/shared/socket-label.c \
        src/shared/label.c \
        src/shared/label.h \
        src/shared/mkdir.c \
        src/shared/mkdir.h
 
-libsystemd_shared_selinux_la_CFLAGS = \
+libsystemd_label_la_CFLAGS = \
        $(AM_CFLAGS) \
        $(SELINUX_CFLAGS)
 
-libsystemd_shared_selinux_la_LIBADD = \
-       libsystemd-shared.la \
+libsystemd_label_la_LIBADD = \
        $(SELINUX_LIBS)
 
 # ------------------------------------------------------------------------------
@@ -785,8 +786,9 @@ libsystemd_core_la_CFLAGS = \
        $(KMOD_CFLAGS)
 
 libsystemd_core_la_LIBADD = \
-       libsystemd-shared-selinux.la \
        libsystemd-capability.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libudev.la \
        $(DBUS_LIBS) \
        $(LIBWRAP_LIBS) \
@@ -841,7 +843,7 @@ test_loopback_SOURCES = \
        src/loopback-setup.c
 
 test_loopback_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 test_hostname_SOURCES = \
        src/test-hostname.c \
@@ -861,7 +863,8 @@ test_cgroup_SOURCES = \
        src/test-cgroup.c
 
 test_cgroup_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 test_env_replace_SOURCES = \
        src/test-env-replace.c
@@ -887,7 +890,8 @@ test_install_CFLAGS = \
        $(DBUS_CFLAGS)
 
 test_install_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 test_watchdog_SOURCES = \
        src/test-watchdog.c \
@@ -933,7 +937,8 @@ systemd_shutdownd_SOURCES = \
        src/shutdownd.c
 
 systemd_shutdownd_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-daemon.la
 
 pkginclude_HEADERS += \
@@ -948,7 +953,8 @@ systemd_shutdown_SOURCES = \
        src/watchdog.h
 
 systemd_shutdown_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libudev.la
 
 # ------------------------------------------------------------------------------
@@ -968,7 +974,8 @@ systemd_tmpfiles_SOURCES = \
        src/tmpfiles.c
 
 systemd_tmpfiles_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_machine_id_setup_SOURCES = \
@@ -976,7 +983,8 @@ systemd_machine_id_setup_SOURCES = \
        src/machine-id-main.c
 
 systemd_machine_id_setup_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-id128.la
 
 # ------------------------------------------------------------------------------
@@ -1028,14 +1036,16 @@ systemd_getty_generator_SOURCES = \
        src/unit-name.c
 
 systemd_getty_generator_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_rc_local_generator_SOURCES = \
        src/rc-local-generator.c
 
 systemd_rc_local_generator_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_remount_api_vfs_SOURCES = \
@@ -1075,7 +1085,8 @@ systemctl_CFLAGS = \
        $(DBUS_CFLAGS)
 
 systemctl_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-daemon.la \
        libsystemd-journal.la \
        libsystemd-id128.la \
@@ -1096,7 +1107,8 @@ systemd_ask_password_SOURCES = \
        src/ask-password-api.c
 
 systemd_ask_password_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_reply_password_SOURCES = \
@@ -1111,14 +1123,14 @@ systemd_cgls_SOURCES = \
        src/cgroup-show.c
 
 systemd_cgls_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_cgtop_SOURCES = \
        src/cgtop.c
 
 systemd_cgtop_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 systemd_nspawn_SOURCES = \
@@ -1126,7 +1138,8 @@ systemd_nspawn_SOURCES = \
        src/loopback-setup.c
 
 systemd_nspawn_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-capability.la \
        libsystemd-daemon.la
 
@@ -1144,7 +1157,8 @@ systemd_tty_ask_password_agent_SOURCES = \
        src/utmp-wtmp.c
 
 systemd_tty_ask_password_agent_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 libsystemd_daemon_la_SOURCES = \
@@ -1385,7 +1399,7 @@ libudev_core_la_CFLAGS = \
 libudev_core_la_LIBADD = \
        libudev-private.la \
        libsystemd-daemon.la \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        $(BLKID_LIBS) \
        $(KMOD_LIBS)
 
@@ -1422,7 +1436,7 @@ udevadm_SOURCES = \
 
 udevadm_LDADD = \
        libudev-core.la \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
 TESTS = \
@@ -1864,7 +1878,7 @@ test_id128_SOURCES = \
        src/test-id128.c
 
 test_id128_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libsystemd-id128.la
 
 noinst_PROGRAMS += \
@@ -1924,7 +1938,8 @@ nodist_systemd_journald_SOURCES = \
 systemd_journald_CFLAGS =
 
 systemd_journald_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-audit.la \
        libsystemd-daemon.la \
        libsystemd-login.la \
@@ -1951,7 +1966,7 @@ systemd_cat_SOURCES = \
        src/journal/cat.c
 
 systemd_cat_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libsystemd-journal.la
 
 journalctl_SOURCES = \
@@ -1959,7 +1974,7 @@ journalctl_SOURCES = \
        src/logs-show.c
 
 journalctl_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libsystemd-journal.la \
        libsystemd-id128.la
 
@@ -1981,7 +1996,8 @@ test_journal_SOURCES = \
        src/journal/journal-send.c
 
 test_journal_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-id128.la
 
 if HAVE_XZ
@@ -2000,7 +2016,7 @@ test_journal_send_SOURCES = \
        src/journal/test-journal-send.c
 
 test_journal_send_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libsystemd-journal.la
 
 libsystemd_journal_la_SOURCES = \
@@ -2020,7 +2036,7 @@ libsystemd_journal_la_LDFLAGS = \
        -Wl,--version-script=$(top_srcdir)/src/journal/libsystemd-journal.sym
 
 libsystemd_journal_la_LIBADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libsystemd-id128.la
 
 if HAVE_XZ
@@ -2117,7 +2133,8 @@ systemd_coredump_SOURCES = \
 systemd_coredump_LDADD = \
        libsystemd-journal.la \
        libsystemd-login.la \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 rootlibexec_PROGRAMS += \
        systemd-coredump
@@ -2283,7 +2300,8 @@ systemd_random_seed_SOURCES = \
        src/random-seed.c
 
 systemd_random_seed_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 randomseed-install-data-hook:
        $(MKDIR_P) -m 0755 \
@@ -2320,7 +2338,8 @@ systemd_cryptsetup_CFLAGS = \
        $(LIBCRYPTSETUP_CFLAGS)
 
 systemd_cryptsetup_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libudev.la \
        $(LIBCRYPTSETUP_LIBS)
 
@@ -2329,7 +2348,8 @@ systemd_cryptsetup_generator_SOURCES = \
        src/unit-name.c
 
 systemd_cryptsetup_generator_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-label.la \
+       libsystemd-shared.la
 
 cryptsetup-install-data-hook:
        $(MKDIR_P) -m 0755 \
@@ -2405,7 +2425,8 @@ systemd_localed_CFLAGS = \
        $(DBUS_CFLAGS)
 
 systemd_localed_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-daemon.la \
        $(DBUS_LIBS)
 
@@ -2535,7 +2556,8 @@ systemd_logind_CFLAGS = \
        $(DBUS_CFLAGS)
 
 systemd_logind_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libsystemd-audit.la \
        libsystemd-daemon.la \
        libudev.la \
@@ -2553,7 +2575,7 @@ systemd_user_sessions_SOURCES = \
        src/login/user-sessions.c
 
 systemd_user_sessions_LDADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 rootlibexec_PROGRAMS += \
        systemd-logind \
@@ -2570,7 +2592,7 @@ loginctl_CFLAGS = \
        $(DBUS_CFLAGS)
 
 loginctl_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        libudev.la \
        $(DBUS_LIBS)
 
@@ -2582,7 +2604,7 @@ test_login_SOURCES = \
 
 test_login_LDADD = \
        libsystemd-login.la \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 noinst_PROGRAMS += \
        test-login
@@ -2601,7 +2623,7 @@ libsystemd_login_la_LDFLAGS = \
        -Wl,--version-script=$(top_srcdir)/src/login/libsystemd-login.sym
 
 libsystemd_login_la_LIBADD = \
-       libsystemd-shared-selinux.la
+       libsystemd-shared.la
 
 if HAVE_PAM
 pam_systemd_la_SOURCES = \
@@ -2625,7 +2647,7 @@ pam_systemd_la_LDFLAGS = \
 pam_systemd_la_LIBADD = \
        libsystemd-daemon.la \
        libsystemd-audit.la \
-       libsystemd-shared-selinux.la \
+       libsystemd-shared.la \
        $(PAM_LIBS) \
        $(DBUS_LIBS)
 
@@ -2696,7 +2718,8 @@ systemd_multi_seat_x_SOURCES = \
        src/login/multi-seat-x.c
 
 systemd_multi_seat_x_LDADD = \
-       libsystemd-shared-selinux.la \
+       libsystemd-label.la \
+       libsystemd-shared.la \
        libudev.la
 
 rootlibexec_PROGRAMS += \
diff --git a/src/shared/cgroup-label.c b/src/shared/cgroup-label.c
new file mode 100644 (file)
index 0000000..f9a42c6
--- /dev/null
@@ -0,0 +1,81 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <ftw.h>
+
+#include "cgroup-util.h"
+#include "log.h"
+#include "set.h"
+#include "macro.h"
+#include "util.h"
+#include "mkdir.h"
+
+int cg_create(const char *controller, const char *path) {
+        char *fs;
+        int r;
+
+        assert(controller);
+        assert(path);
+
+        if ((r = cg_get_path(controller, path, NULL, &fs)) < 0)
+                return r;
+
+        r = mkdir_parents(fs, 0755);
+
+        if (r >= 0) {
+                if (mkdir(fs, 0755) >= 0)
+                        r = 1;
+                else if (errno == EEXIST)
+                        r = 0;
+                else
+                        r = -errno;
+        }
+
+        free(fs);
+
+        return r;
+}
+
+int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
+        int r, q;
+
+        assert(controller);
+        assert(path);
+        assert(pid >= 0);
+
+        if ((r = cg_create(controller, path)) < 0)
+                return r;
+
+        if ((q = cg_attach(controller, path, pid)) < 0)
+                return q;
+
+        /* This does not remove the cgroup on failure */
+
+        return r;
+}
index 5647624e8de369f2e6631e79025ceed3bd41411c..ad677d42622a2d563ec5f6baf9bc4b90387d5c93 100644 (file)
@@ -34,7 +34,6 @@
 #include "set.h"
 #include "macro.h"
 #include "util.h"
-#include "mkdir.h"
 
 int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
         char *fs;
@@ -638,32 +637,6 @@ int cg_delete(const char *controller, const char *path) {
         return r == -ENOENT ? 0 : r;
 }
 
-int cg_create(const char *controller, const char *path) {
-        char *fs;
-        int r;
-
-        assert(controller);
-        assert(path);
-
-        if ((r = cg_get_path(controller, path, NULL, &fs)) < 0)
-                return r;
-
-        r = mkdir_parents(fs, 0755);
-
-        if (r >= 0) {
-                if (mkdir(fs, 0755) >= 0)
-                        r = 1;
-                else if (errno == EEXIST)
-                        r = 0;
-                else
-                        r = -errno;
-        }
-
-        free(fs);
-
-        return r;
-}
-
 int cg_attach(const char *controller, const char *path, pid_t pid) {
         char *fs;
         int r;
@@ -688,24 +661,6 @@ int cg_attach(const char *controller, const char *path, pid_t pid) {
         return r;
 }
 
-int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
-        int r, q;
-
-        assert(controller);
-        assert(path);
-        assert(pid >= 0);
-
-        if ((r = cg_create(controller, path)) < 0)
-                return r;
-
-        if ((q = cg_attach(controller, path, pid)) < 0)
-                return q;
-
-        /* This does not remove the cgroup on failure */
-
-        return r;
-}
-
 int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) {
         char *fs;
         int r;
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
new file mode 100644 (file)
index 0000000..9ab07a9
--- /dev/null
@@ -0,0 +1,143 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+  This file is part of systemd.
+
+  Copyright 2010 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <assert.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <net/if.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stddef.h>
+#include <sys/ioctl.h>
+
+#include "macro.h"
+#include "util.h"
+#include "mkdir.h"
+#include "socket-util.h"
+#include "missing.h"
+#include "label.h"
+
+int socket_address_listen(
+                const SocketAddress *a,
+                int backlog,
+                SocketAddressBindIPv6Only only,
+                const char *bind_to_device,
+                bool free_bind,
+                bool transparent,
+                mode_t directory_mode,
+                mode_t socket_mode,
+                const char *label,
+                int *ret) {
+
+        int r, fd, one;
+        assert(a);
+        assert(ret);
+
+        if ((r = socket_address_verify(a)) < 0)
+                return r;
+
+        if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
+                return -EAFNOSUPPORT;
+
+        r = label_socket_set(label);
+        if (r < 0)
+                return r;
+
+        fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
+        r = fd < 0 ? -errno : 0;
+
+        label_socket_clear();
+
+        if (r < 0)
+                return r;
+
+        if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
+                int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
+
+                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
+                        goto fail;
+        }
+
+        if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
+                if (bind_to_device)
+                        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
+                                goto fail;
+
+                if (free_bind) {
+                        one = 1;
+                        if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
+                                log_warning("IP_FREEBIND failed: %m");
+                }
+
+                if (transparent) {
+                        one = 1;
+                        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
+                                log_warning("IP_TRANSPARENT failed: %m");
+                }
+        }
+
+        one = 1;
+        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
+                goto fail;
+
+        if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
+                mode_t old_mask;
+
+                /* Create parents */
+                mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
+
+                /* Enforce the right access mode for the socket*/
+                old_mask = umask(~ socket_mode);
+
+                /* Include the original umask in our mask */
+                umask(~socket_mode | old_mask);
+
+                r = label_bind(fd, &a->sockaddr.sa, a->size);
+
+                if (r < 0 && errno == EADDRINUSE) {
+                        /* Unlink and try again */
+                        unlink(a->sockaddr.un.sun_path);
+                        r = bind(fd, &a->sockaddr.sa, a->size);
+                }
+
+                umask(old_mask);
+        } else
+                r = bind(fd, &a->sockaddr.sa, a->size);
+
+        if (r < 0)
+                goto fail;
+
+        if (socket_address_can_accept(a))
+                if (listen(fd, backlog) < 0)
+                        goto fail;
+
+        *ret = fd;
+        return 0;
+
+fail:
+        r = -errno;
+        close_nointr_nofail(fd);
+        return r;
+}
index 554f8ac965a705e5ddfd887fa53b4565eaea4b10..618c928f06d3b615faffa585453329097d44e7b6 100644 (file)
@@ -37,7 +37,6 @@
 #include "mkdir.h"
 #include "socket-util.h"
 #include "missing.h"
-#include "label.h"
 
 int socket_address_parse(SocketAddress *a, const char *s) {
         int r;
@@ -384,109 +383,6 @@ int socket_address_print(const SocketAddress *a, char **p) {
         }
 }
 
-int socket_address_listen(
-                const SocketAddress *a,
-                int backlog,
-                SocketAddressBindIPv6Only only,
-                const char *bind_to_device,
-                bool free_bind,
-                bool transparent,
-                mode_t directory_mode,
-                mode_t socket_mode,
-                const char *label,
-                int *ret) {
-
-        int r, fd, one;
-        assert(a);
-        assert(ret);
-
-        if ((r = socket_address_verify(a)) < 0)
-                return r;
-
-        if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
-                return -EAFNOSUPPORT;
-
-        r = label_socket_set(label);
-        if (r < 0)
-                return r;
-
-        fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
-        r = fd < 0 ? -errno : 0;
-
-        label_socket_clear();
-
-        if (r < 0)
-                return r;
-
-        if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
-                int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
-
-                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
-                        goto fail;
-        }
-
-        if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
-                if (bind_to_device)
-                        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
-                                goto fail;
-
-                if (free_bind) {
-                        one = 1;
-                        if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
-                                log_warning("IP_FREEBIND failed: %m");
-                }
-
-                if (transparent) {
-                        one = 1;
-                        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
-                                log_warning("IP_TRANSPARENT failed: %m");
-                }
-        }
-
-        one = 1;
-        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
-                goto fail;
-
-        if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
-                mode_t old_mask;
-
-                /* Create parents */
-                mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
-
-                /* Enforce the right access mode for the socket*/
-                old_mask = umask(~ socket_mode);
-
-                /* Include the original umask in our mask */
-                umask(~socket_mode | old_mask);
-
-                r = label_bind(fd, &a->sockaddr.sa, a->size);
-
-                if (r < 0 && errno == EADDRINUSE) {
-                        /* Unlink and try again */
-                        unlink(a->sockaddr.un.sun_path);
-                        r = bind(fd, &a->sockaddr.sa, a->size);
-                }
-
-                umask(old_mask);
-        } else
-                r = bind(fd, &a->sockaddr.sa, a->size);
-
-        if (r < 0)
-                goto fail;
-
-        if (socket_address_can_accept(a))
-                if (listen(fd, backlog) < 0)
-                        goto fail;
-
-        *ret = fd;
-        return 0;
-
-fail:
-        r = -errno;
-        close_nointr_nofail(fd);
-        return r;
-}
-
 bool socket_address_can_accept(const SocketAddress *a) {
         assert(a);