selinux: split up mac_selinux_have() from mac_selinux_use()

Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
author: Lennart Poettering <lennart@poettering.net> 2015-11-27 20:22:56 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-11-27 20:28:13 +0100
commit: 6355e75610a8d47fc3ba5ab8bd442172a2cfe574 (patch)
tree: e71ec8fc1fdb2cef3d06a2b50f1f27b22199391e /src/libsystemd/sd-bus/bus-socket.c
parent: 564c44436cf64adc7a9eff8c17f386899194a893 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 25873dea1e..1df571ac92 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -609,7 +609,7 @@ static void bus_get_peercred(sd_bus *b) {
         b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
 
         /* Get the SELinux context of the peer */
-        if (mac_selinux_use()) {
+        if (mac_selinux_have()) {
                 r = getpeersec(b->input_fd, &b->label);
                 if (r < 0 && r != -EOPNOTSUPP)
                         log_debug_errno(r, "Failed to determine peer security context: %m");
author	Lennart Poettering <lennart@poettering.net>	2015-11-27 20:22:56 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-11-27 20:28:13 +0100
commit	6355e75610a8d47fc3ba5ab8bd442172a2cfe574 (patch)
tree	e71ec8fc1fdb2cef3d06a2b50f1f27b22199391e /src/libsystemd/sd-bus/bus-socket.c
parent	564c44436cf64adc7a9eff8c17f386899194a893 (diff)