diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-11-27 20:22:56 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-11-27 20:28:13 +0100 |
| commit | 6355e75610a8d47fc3ba5ab8bd442172a2cfe574 (patch) | |
| tree | e71ec8fc1fdb2cef3d06a2b50f1f27b22199391e /src/shared/condition.c | |
| parent | 564c44436cf64adc7a9eff8c17f386899194a893 (diff) | |
selinux: split up mac_selinux_have() from mac_selinux_use()
Let's distuingish the cases where our code takes an active role in
selinux management, or just passively reports whatever selinux
properties are set.
mac_selinux_have() now checks whether selinux is around for the passive
stuff, and mac_selinux_use() for the active stuff. The latter checks the
former, plus also checks UID == 0, under the assumption that only when
we run priviliged selinux management really makes sense.
Fixes: #1941
Diffstat (limited to 'src/shared/condition.c')
| -rw-r--r-- | src/shared/condition.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/condition.c b/src/shared/condition.c index a69719116c..14d18429b6 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -231,7 +231,7 @@ static int condition_test_security(Condition *c) { assert(c->type == CONDITION_SECURITY); if (streq(c->parameter, "selinux")) - return mac_selinux_use(); + return mac_selinux_have(); if (streq(c->parameter, "smack")) return mac_smack_use(); if (streq(c->parameter, "apparmor")) |