From d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 10 Oct 2013 16:35:44 +0200
Subject: security: rework selinux, smack, ima, apparmor detection logic

Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
---
 src/journal/journald-stream.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/journal/journald-stream.c')
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 9c4efec9bc..543614aead 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -29,6 +29,7 @@
 #endif
 #include "socket-util.h"
+#include "selinux-util.h"
 #include "journald-server.h"
 #include "journald-stream.h"
 #include "journald-syslog.h"
@@ -381,8 +382,10 @@ int stdout_stream_new(Server *s) {
 }
 #ifdef HAVE_SELINUX
- if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT)
- log_error("Failed to determine peer security context: %m");
+ if (use_selinux()) {
+ if (getpeercon(fd, &stream->security_context) < 0 && errno != ENOPROTOOPT)
+ log_error("Failed to determine peer security context: %m");
+ }
 #endif
 if (shutdown(fd, SHUT_WR) < 0) {
--
cgit v1.2.3-54-g00ecf
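Review bot: When `use_selinux()` returns false in the second hunk (`stdout_stream_new`), the `getpeercon()` call is skipped and nothing is logged, so `stream->security_context` is never filled in and there is no trace of why the peer label is missing. The commit message says the detection result is cached; `use_selinux()` itself is not shown here, but if that cache is filled once per process, a journald that made the check before SELinux was initialised would presumably skip the lookup for its whole lifetime. I would document this on the guard, e.g. `/* use_selinux() is cached; when it is false no peer label is fetched and security_context is left untouched */`, and confirm that whatever consumes the label treats a missing value as unknown rather than as unconfined. The body of `stdout_stream_new` starts and ends outside the hunk, so how `stream` is initialised is not visible from here.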