security: rework selinux, smack, ima, apparmor detection logic

Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
author: Lennart Poettering <lennart@poettering.net> 2013-10-10 16:35:44 +0200
committer: Lennart Poettering <lennart@poettering.net> 2013-10-10 16:35:44 +0200
commit: d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 (patch)
tree: f9e0c1c2af7b0756af89db0864a0708076a55144 /src/journal/journald-native.c
parent: 0581dac2c146cef0f55841a4c136dc48409c8eaa (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index c50cf64f5c..2c91cba16d 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -25,6 +25,7 @@
 
 #include "socket-util.h"
 #include "path-util.h"
+#include "selinux-util.h"
 #include "journald-server.h"
 #include "journald-native.h"
 #include "journald-kmsg.h"
@@ -404,10 +405,12 @@ int server_open_native_socket(Server*s) {
         }
 
 #ifdef HAVE_SELINUX
-        one = 1;
-        r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
-        if (r < 0)
-                log_warning("SO_PASSSEC failed: %m");
+        if (use_selinux()) {
+                one = 1;
+                r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+                if (r < 0)
+                        log_warning("SO_PASSSEC failed: %m");
+        }
 #endif
 
         one = 1;
author	Lennart Poettering <lennart@poettering.net>	2013-10-10 16:35:44 +0200
committer	Lennart Poettering <lennart@poettering.net>	2013-10-10 16:35:44 +0200
commit	d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 (patch)
tree	f9e0c1c2af7b0756af89db0864a0708076a55144 /src/journal/journald-native.c
parent	0581dac2c146cef0f55841a4c136dc48409c8eaa (diff)