[PATCH] Fix problem where call involving the SELinux AVC occurs before the AVC is initialized

SHAUNAK SAHA reach2shaunak at yahoo.com
Fri Oct 3 05:51:20 PDT 2008 

Hi James,

Thanks for the patch.I also did the same and was able to remove the segmentation fault. As i told it was crashing in sidtab_context_to_sid in the line c->htable[hvalue] as becuase at that htable was not initialized at that point and gets initilized in bus_selinux_full_init.

But now after that when i confine the gconf daemon and try to run it is getting killed as it is not able to  become the owner of the service name.I have included that domain and service name in system.conf file.While debuging dbus daemon i found that sidtab_insert from sidtab_context_to_sid was not becomming successfull for this somwhow.I m still working on it.
Do you have any idea regarding the same?

Regards,
Shaunak





________________________________
From: James Carter <jwcart2 at tycho.nsa.gov>
To: dbus at lists.freedesktop.org
Cc: SHAUNAK SAHA <indiaservice at citibankcorp.com>
Sent: Thursday, 2 October, 2008 1:02:38 AM
Subject: [PATCH] Fix problem where call involving the SELinux AVC occurs before the AVC is initialized

This patch moves the call to bus_selinux_full_init so that it is before
the call to process_config_postinit.
---

diff --git a/bus/bus.c b/bus/bus.c
index a28a267..6255330 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -736,6 +736,11 @@ bus_context_new (const DBusString *config_file,
   if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
       !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
     _dbus_pipe_close (print_pid_pipe, NULL);
+
+  if (!bus_selinux_full_init ())
+    {
+      _dbus_warn ("SELinux initialization failed\n");
+    }
  
   if (!process_config_postinit (context, parser, error))
     {
@@ -765,11 +770,6 @@ bus_context_new (const DBusString *config_file,
       bus_selinux_audit_init ();
#endif
     }
-
-  if (!bus_selinux_full_init ())
-    {
-      _dbus_warn ("SELinux initialization failed\n");
-    }
  
   dbus_server_free_data_slot (&server_data_slot);
  

-- 
James Carter <jwcart2 at tycho.nsa.gov>
National Security Agency

_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dbus



      Get perfect Email ID for your Resume. Grab now http://in.promos.yahoo.com/address
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freedesktop.org/archives/dbus/attachments/20081003/d46368e3/attachment.htm

More information about the dbus mailing list