summaryrefslogtreecommitdiff
path: root/src/journal/journald-stream.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-11-27 20:22:56 +0100
committerLennart Poettering <lennart@poettering.net>2015-11-27 20:28:13 +0100
commit6355e75610a8d47fc3ba5ab8bd442172a2cfe574 (patch)
treee71ec8fc1fdb2cef3d06a2b50f1f27b22199391e /src/journal/journald-stream.c
parent564c44436cf64adc7a9eff8c17f386899194a893 (diff)
selinux: split up mac_selinux_have() from mac_selinux_use()
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
Diffstat (limited to 'src/journal/journald-stream.c')
-rw-r--r--src/journal/journald-stream.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 07a0f1bf41..131fcdac42 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -493,7 +493,7 @@ static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
if (r < 0)
return log_error_errno(r, "Failed to determine peer credentials: %m");
- if (mac_selinux_use()) {
+ if (mac_selinux_have()) {
r = getpeersec(fd, &stream->label);
if (r < 0 && r != -EOPNOTSUPP)
(void) log_warning_errno(r, "Failed to determine peer security context: %m");