author | HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com> | 2015-06-24 12:01:26 +0900 |
---|---|---|
committer | HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com> | 2015-06-25 12:01:03 +0900 |
commit | 4938696301a914ec26bcfc60bb99a1e9624e3789 (patch) | |
tree | c5085ebcd1a678ba7c674f70c97ceeffa41c7bcb | |
parent | ff99498535bbc97601d89925fd81cd3ac9120994 (diff) |
selinux: fix missing SELinux unit access check
Currently, SELinux unit access check is not performed if a given unit
file has not been registered in a hash table. This is because function
manager_get_unit() only tries to pick up a Unit object from a Unit
hash table. Instead, we use function manager_load_unit(), which searches
the Unit file paths for the given Unit file.
-rw-r--r-- | src/core/selinux-access.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index e9a9a020de..50a90b0bac 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -302,12 +302,12 @@ int mac_selinux_unit_access_check_strv(
 int r;
 STRV_FOREACH(i, units) {
- u = manager_get_unit(m, *i);
- if (u) {
- r = mac_selinux_unit_access_check(u, message, permission, error);
- if (r < 0)
- return r;
- }
+ r = manager_load_unit(m, *i, NULL, error, &u);
+ if (r < 0)
+ return r;
+ r = mac_selinux_unit_access_check(u, message, permission, error);
+ if (r < 0)
+ return r;
 }
 #endif
 return 0; |
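Review bot: Each name in `units` is now handed to manager_load_unit() before any permission decision, so a caller who ends up denied has still made the manager search for and load that unit. The ordering looks unavoidable if the check needs the loaded unit, but it deserves a comment at the call, e.g. `/* Load rather than look up: a unit absent from the hash table must still be checked, and a load error fails the request closed. */`. The early `return r` on load failure also changes what callers see: names that were silently skipped before now abort the whole list. Please confirm how manager_load_unit() reports a name with no unit file, and that mac_selinux_unit_access_check() behaves as intended if it is handed such a unit. The body of mac_selinux_unit_access_check_strv() starts outside the hunk, so the declaration of `u` is not visible here.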