[PATCH] Fix problem where call involving the SELinux AVC occurs before the AVC is initialized

James Carter jwcart2 at tycho.nsa.gov
Thu Oct 2 06:20:25 PDT 2008 

On Wed, 2008-10-01 at 16:26 -0400, Colin Walters wrote:
> Thanks for the patch.  Just a note, putting patches in Bugzilla is
> preferred for a variety of reasons.
> 
OK.  I'll do that next time.

> The patch doesn't seem to apply to git master, though it was easily
> forward ported and I've done so now.  But just for background are you
> working from the 1.2 branch?  Or some older version of dbus from an OS
> vendor?
> 
I did:
git clone git://anongit.freedesktop.org/git/dbus/dbus

Maybe there were some whitespace issues when I copied it into my email?

> Do you think it also makes sense to move the call to
> bus_selinux_audit_init () ?  I guess there's some reason these two
> things were separated before.  It looks like the only issue will be
> that we won't log any AVC messages that might occur during init
> because audit_fd will still be -1.
> 
I don't see any reason why the call to bus_selinux_audit_init() couldn't
be moved.

> On Wed, Oct 1, 2008 at 3:32 PM, James Carter <jwcart2 at tycho.nsa.gov> wrote:
> > This patch moves the call to bus_selinux_full_init so that it is before
> > the call to process_config_postinit.
> > ---
> >
> > diff --git a/bus/bus.c b/bus/bus.c
> > index a28a267..6255330 100644
> > --- a/bus/bus.c
> > +++ b/bus/bus.c
> > @@ -736,6 +736,11 @@ bus_context_new (const DBusString *config_file,
> >   if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
> >       !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
> >     _dbus_pipe_close (print_pid_pipe, NULL);
> > +
> > +  if (!bus_selinux_full_init ())
> > +    {
> > +      _dbus_warn ("SELinux initialization failed\n");
> > +    }
> >
> >   if (!process_config_postinit (context, parser, error))
> >     {
> > @@ -765,11 +770,6 @@ bus_context_new (const DBusString *config_file,
> >       bus_selinux_audit_init ();
> >  #endif
> >     }
> > -
> > -  if (!bus_selinux_full_init ())
> > -    {
> > -      _dbus_warn ("SELinux initialization failed\n");
> > -    }
> >
> >   dbus_server_free_data_slot (&server_data_slot);
> >
> >
> > --
> > James Carter <jwcart2 at tycho.nsa.gov>
> > National Security Agency
> >
> > _______________________________________________
> > dbus mailing list
> > dbus at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/dbus
> >
-- 
James Carter <jwcart2 at tycho.nsa.gov>
National Security Agency

More information about the dbus mailing list