diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-10-10 16:35:44 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-10-10 16:35:44 +0200 |
| commit | d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 (patch) | |
| tree | f9e0c1c2af7b0756af89db0864a0708076a55144 /src/journal/journald-stream.c | |
| parent | 0581dac2c146cef0f55841a4c136dc48409c8eaa (diff) | |
security: rework selinux, smack, ima, apparmor detection logic
Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
Diffstat (limited to 'src/journal/journald-stream.c')
| -rw-r--r-- | src/journal/journald-stream.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c index 9c4efec9bc..543614aead 100644 --- a/src/journal/journald-stream.c +++ b/src/journal/journald-stream.c @@ -29,6 +29,7 @@ #endif #include "socket-util.h" +#include "selinux-util.h" #include "journald-server.h" #include "journald-stream.h" #include "journald-syslog.h" @@ -381,8 +382,10 @@ int stdout_stream_new(Server *s) { } #ifdef HAVE_SELINUX - if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT) - log_error("Failed to determine peer security context: %m"); + if (use_selinux()) { + if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT) + log_error("Failed to determine peer security context: %m"); + } #endif if (shutdown(fd, SHUT_WR) < 0) { |