From d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 10 Oct 2013 16:35:44 +0200
Subject: security: rework selinux, smack, ima, apparmor detection logic

Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
---
 src/journal/journald-native.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/journal/journald-native.c')

diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index c50cf64f5c..2c91cba16d 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -25,6 +25,7 @@
 
 #include "socket-util.h"
 #include "path-util.h"
+#include "selinux-util.h"
 #include "journald-server.h"
 #include "journald-native.h"
 #include "journald-kmsg.h"
@@ -404,10 +405,12 @@ int server_open_native_socket(Server*s) {
         }
 
 #ifdef HAVE_SELINUX
-        one = 1;
-        r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
-        if (r < 0)
-                log_warning("SO_PASSSEC failed: %m");
+        if (use_selinux()) {
+                one = 1;
+                r = setsockopt(s->native_fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+                if (r < 0)
+                        log_warning("SO_PASSSEC failed: %m");
+        }
 #endif
 
         one = 1;
-- 
cgit v1.2.3-54-g00ecf