authorHATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>2015-06-24 12:01:26 +0900
committerHATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>2015-06-25 12:01:03 +0900
commit4938696301a914ec26bcfc60bb99a1e9624e3789 (patch)
treec5085ebcd1a678ba7c674f70c97ceeffa41c7bcb
parentff99498535bbc97601d89925fd81cd3ac9120994 (diff)
selinux: fix missing SELinux unit access check
Currently, the SELinux unit access check is not performed if a given unit file has not been registered in the Unit hash table. This is because manager_get_unit() only tries to pick up a Unit object from that hash table. Instead, we use manager_load_unit(), which searches the unit file paths for the given unit file.
-rw-r--r--src/core/selinux-access.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index e9a9a020de..50a90b0bac 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -302,12 +302,12 @@ int mac_selinux_unit_access_check_strv(
int r;
STRV_FOREACH(i, units) {
- u = manager_get_unit(m, *i);
- if (u) {
- r = mac_selinux_unit_access_check(u, message, permission, error);
- if (r < 0)
- return r;
- }
+ r = manager_load_unit(m, *i, NULL, error, &u);
+ if (r < 0)
+ return r;
+ r = mac_selinux_unit_access_check(u, message, permission, error);
+ if (r < 0)
+ return r;
}
#endif
return 0;
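Review bot: In the STRV_FOREACH loop, manager_load_unit() now runs on each caller-supplied name before mac_selinux_unit_access_check() has made any decision. A requester who will end up denied can therefore still make the manager load units, and a load failure is returned through `error` ahead of the permission result. That ordering looks necessary to reach the unit file's label, but it should be stated in the code, for example `/* Load, don't just look up: a unit that is not in the hash table yet must still be checked against its unit file. Note this runs before the caller is authorized. */`. It is also worth confirming that units loaded here for a request that is then denied are released again, and that the load error text does not tell an unauthorized caller more than a denial would. The function starts above this hunk, so how `u` and `error` are set up is not visible here.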