diff options
| author | David Herrmann <dh.herrmann@gmail.com> | 2015-08-27 16:23:47 +0200 |
|---|---|---|
| committer | David Herrmann <dh.herrmann@gmail.com> | 2015-08-27 16:29:01 +0200 |
| commit | 8faae625dc9b6322db452937f54176e56e65265a (patch) | |
| tree | 6d8bb83e521173ce69453e465858415b253a038e /src/core/selinux-access.h | |
| parent | 19bee5c3674cda184443509b49b9415f599349ab (diff) | |
selinux: drop mac_selinux_unit_access_check_strv()
It is not acceptable to load unit files during enable/disable operations
just to figure out the selinux labels. systemd implements lazy loading
for units, so the selinux hooks need to follow it.
This drops the mac_selinux_unit_access_check_strv() helper which
implements a non-acceptable policy check. If anyone cares for that
functionality, you really should pass a callback+userdata to the helpers
in src/shared/install.c which does policy checks on each touched file.
See #1050 on github for more.
Diffstat (limited to 'src/core/selinux-access.h')
| -rw-r--r-- | src/core/selinux-access.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h index b5758e2e42..e6b4dd7fee 100644 --- a/src/core/selinux-access.h +++ b/src/core/selinux-access.h @@ -29,8 +29,6 @@ void mac_selinux_access_free(void); int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error); -int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error); - #ifdef HAVE_SELINUX #define mac_selinux_access_check(message, permission, error) \ |