diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-11-26 18:57:37 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-11-26 18:57:39 +0100 |
| commit | 8fd00193803fd20bed163832ec4d0d5ba2958b87 (patch) | |
| tree | 9fe9998bc631f8cb168ded1f98de271205c9629d /src/core/dbus.c | |
| parent | 6dae84cbdda6c0547b374119960b49c9da5aa481 (diff) | |
core: make sure we have enough information when doing selinux decisions
Let's ask for the security relevant bits in a race-free way, and augment
the rest from /proc.
Diffstat (limited to 'src/core/dbus.c')
| -rw-r--r-- | src/core/dbus.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/dbus.c b/src/core/dbus.c index ec1c0d4336..e23d36fddc 100644 --- a/src/core/dbus.c +++ b/src/core/dbus.c @@ -776,6 +776,14 @@ static int bus_setup_api(Manager *m, sd_bus *bus) { assert(m); assert(bus); + /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */ + r = sd_bus_negotiate_creds(bus, 1, + SD_BUS_CREDS_PID|SD_BUS_CREDS_UID| + SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS| + SD_BUS_CREDS_SELINUX_CONTEXT); + if (r < 0) + log_warning("Failed to enable credential passing, ignoring: %s", strerror(-r)); + r = bus_setup_api_vtables(m, bus); if (r < 0) return r; |