dbus: check selinux privilege before returning process list

We protect less interetsing stuff with selinux "status", let's do that here too.
author: Lennart Poettering <lennart@poettering.net> 2017-02-10 11:54:18 +0100
committer: Lennart Poettering <lennart@poettering.net> 2017-02-10 11:54:18 +0100
commit: 807fa5d9a01b2bd80ac821d3a165bfef0323c20c (patch)
tree: 245aa4fc61a13e977b726ab52e48e3b433b965a0
parent: fa07c85956e28db3f6e23c21b65d28d5edb77ba3 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 60e889e1ef..f1306a023f 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1006,6 +1006,10 @@ int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bu
 
         assert(message);
 
+        r = mac_selinux_unit_access_check(u, message, "status", error);
+        if (r < 0)
+                return r;
+
         pids = set_new(NULL);
         if (!pids)
                 return -ENOMEM;
author	Lennart Poettering <lennart@poettering.net>	2017-02-10 11:54:18 +0100
committer	Lennart Poettering <lennart@poettering.net>	2017-02-10 11:54:18 +0100
commit	807fa5d9a01b2bd80ac821d3a165bfef0323c20c (patch)
tree	245aa4fc61a13e977b726ab52e48e3b433b965a0
parent	fa07c85956e28db3f6e23c21b65d28d5edb77ba3 (diff)