summaryrefslogtreecommitdiff
path: root/src/core/dbus.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-26 18:57:37 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-26 18:57:39 +0100
commit8fd00193803fd20bed163832ec4d0d5ba2958b87 (patch)
tree9fe9998bc631f8cb168ded1f98de271205c9629d /src/core/dbus.c
parent6dae84cbdda6c0547b374119960b49c9da5aa481 (diff)
core: make sure we have enough information when doing selinux decisions
Let's ask for the security relevant bits in a race-free way, and augment the rest from /proc.
Diffstat (limited to 'src/core/dbus.c')
-rw-r--r--src/core/dbus.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/dbus.c b/src/core/dbus.c
index ec1c0d4336..e23d36fddc 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -776,6 +776,14 @@ static int bus_setup_api(Manager *m, sd_bus *bus) {
assert(m);
assert(bus);
+ /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */
+ r = sd_bus_negotiate_creds(bus, 1,
+ SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+ SD_BUS_CREDS_SELINUX_CONTEXT);
+ if (r < 0)
+ log_warning("Failed to enable credential passing, ignoring: %s", strerror(-r));
+
r = bus_setup_api_vtables(m, bus);
if (r < 0)
return r;