diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-11-27 20:22:56 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-11-27 20:28:13 +0100 |
| commit | 6355e75610a8d47fc3ba5ab8bd442172a2cfe574 (patch) | |
| tree | e71ec8fc1fdb2cef3d06a2b50f1f27b22199391e /src/journal | |
| parent | 564c44436cf64adc7a9eff8c17f386899194a893 (diff) | |
selinux: split up mac_selinux_have() from mac_selinux_use()
Let's distuingish the cases where our code takes an active role in
selinux management, or just passively reports whatever selinux
properties are set.
mac_selinux_have() now checks whether selinux is around for the passive
stuff, and mac_selinux_use() for the active stuff. The latter checks the
former, plus also checks UID == 0, under the assumption that only when
we run priviliged selinux management really makes sense.
Fixes: #1941
Diffstat (limited to 'src/journal')
| -rw-r--r-- | src/journal/journald-native.c | 2 | ||||
| -rw-r--r-- | src/journal/journald-server.c | 2 | ||||
| -rw-r--r-- | src/journal/journald-stream.c | 2 | ||||
| -rw-r--r-- | src/journal/journald-syslog.c | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 69a685c06f..371df5b37f 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -480,7 +480,7 @@ int server_open_native_socket(Server*s) { return log_error_errno(errno, "SO_PASSCRED failed: %m"); #ifdef HAVE_SELINUX - if (mac_selinux_use()) { + if (mac_selinux_have()) { r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)); if (r < 0) log_warning_errno(errno, "SO_PASSSEC failed: %m"); diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 7d11a568aa..eb17f413f2 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -707,7 +707,7 @@ static void dispatch_message_real( } #ifdef HAVE_SELINUX - if (mac_selinux_use()) { + if (mac_selinux_have()) { if (label) { x = alloca(strlen("_SELINUX_CONTEXT=") + label_len + 1); diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c index 07a0f1bf41..131fcdac42 100644 --- a/src/journal/journald-stream.c +++ b/src/journal/journald-stream.c @@ -493,7 +493,7 @@ static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) { if (r < 0) return log_error_errno(r, "Failed to determine peer credentials: %m"); - if (mac_selinux_use()) { + if (mac_selinux_have()) { r = getpeersec(fd, &stream->label); if (r < 0 && r != -EOPNOTSUPP) (void) log_warning_errno(r, "Failed to determine peer security context: %m"); diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c index f3ac1a7ae0..cfc50d889b 100644 --- a/src/journal/journald-syslog.c +++ b/src/journal/journald-syslog.c @@ -415,7 +415,7 @@ int server_open_syslog_socket(Server *s) { return log_error_errno(errno, "SO_PASSCRED failed: %m"); #ifdef HAVE_SELINUX - if (mac_selinux_use()) { + if (mac_selinux_have()) { r = setsockopt(s->syslog_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)); if (r < 0) log_warning_errno(errno, "SO_PASSSEC failed: %m"); |