From 6355e75610a8d47fc3ba5ab8bd442172a2cfe574 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 27 Nov 2015 20:22:56 +0100 Subject: selinux: split up mac_selinux_have() from mac_selinux_use() Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941 --- src/libsystemd/sd-bus/bus-socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libsystemd/sd-bus') diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 25873dea1e..1df571ac92 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -609,7 +609,7 @@ static void bus_get_peercred(sd_bus *b) { b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0; /* Get the SELinux context of the peer */ - if (mac_selinux_use()) { + if (mac_selinux_have()) { r = getpeersec(b->input_fd, &b->label); if (r < 0 && r != -EOPNOTSUPP) log_debug_errno(r, "Failed to determine peer security context: %m"); -- cgit v1.2.3-54-g00ecf