summaryrefslogtreecommitdiff
path: root/src/journal/journald-syslog.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-10-10 16:35:44 +0200
committerLennart Poettering <lennart@poettering.net>2013-10-10 16:35:44 +0200
commitd682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 (patch)
treef9e0c1c2af7b0756af89db0864a0708076a55144 /src/journal/journald-syslog.c
parent0581dac2c146cef0f55841a4c136dc48409c8eaa (diff)
security: rework selinux, smack, ima, apparmor detection logic
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
Diffstat (limited to 'src/journal/journald-syslog.c')
-rw-r--r--src/journal/journald-syslog.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index c2770a53d0..dc66ba8c8f 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -25,6 +25,7 @@
#include "systemd/sd-messages.h"
#include "socket-util.h"
+#include "selinux-util.h"
#include "journald-server.h"
#include "journald-syslog.h"
#include "journald-kmsg.h"
@@ -453,10 +454,12 @@ int server_open_syslog_socket(Server *s) {
}
#ifdef HAVE_SELINUX
- one = 1;
- r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
- if (r < 0)
- log_warning("SO_PASSSEC failed: %m");
+ if (use_selinux()) {
+ one = 1;
+ r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+ if (r < 0)
+ log_warning("SO_PASSSEC failed: %m");
+ }
#endif
one = 1;