[PATCH] Fix problem where call involving the SELinux AVC occurs before the AVC is initialized
Colin Walters
walters at verbum.org
Wed Oct 1 13:26:11 PDT 2008
Thanks for the patch. Just a note, putting patches in Bugzilla is
preferred for a variety of reasons.

The patch doesn't seem to apply to git master, though it was easily
forward ported and I've done so now. But just for background are you
working from the 1.2 branch? Or some older version of dbus from an OS
vendor?

Do you think it also makes sense to move the call to
bus_selinux_audit_init () ? I guess there's some reason these two
things were separated before. It looks like the only issue will be
that we won't log any AVC messages that might occur during init
because audit_fd will still be -1.

On Wed, Oct 1, 2008 at 3:32 PM, James Carter <jwcart2 at tycho.nsa.gov> wrote:
> This patch moves the call to bus_selinux_full_init so that it is before
> the call to process_config_postinit.
> ---
>
> diff --git a/bus/bus.c b/bus/bus.c
> index a28a267..6255330 100644
> --- a/bus/bus.c
> +++ b/bus/bus.c
> @@ -736,6 +736,11 @@ bus_context_new (const DBusString *config_file,
> if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
> !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
> _dbus_pipe_close (print_pid_pipe, NULL);
> +
> + if (!bus_selinux_full_init ())
> + {
> + _dbus_warn ("SELinux initialization failed\n");
> + }
>
> if (!process_config_postinit (context, parser, error))
> {
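Review bot: the failure branch of the added bus_selinux_full_init () call only emits _dbus_warn and then falls through to process_config_postinit (), which is the call this move is meant to protect, so when initialization fails the post-init step may still run without a usable AVC. Consider reporting the failure through the error argument and aborting bus_context_new at this point, or add a comment stating why continuing is safe. A short comment that the init must stay ahead of process_config_postinit () would also keep a later reorder from reintroducing the problem.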
> @@ -765,11 +770,6 @@ bus_context_new (const DBusString *config_file,
> bus_selinux_audit_init ();
> #endif
> }
> -
> - if (!bus_selinux_full_init ())
> - {
> - _dbus_warn ("SELinux initialization failed\n");
> - }
>
> dbus_server_free_data_slot (&server_data_slot);
>
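Review bot: bus_selinux_audit_init () in the leading context lines of this hunk stays where it was, so after the move it runs later than both bus_selinux_full_init () and process_config_postinit (). An AVC message raised during post-init would then be produced before auditing is set up; either move the audit init up next to the full init, or add a comment explaining why the two calls have to remain separate.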
>
> --
> James Carter <jwcart2 at tycho.nsa.gov>
> National Security Agency