[PATCH] Fix problem where call involving the SELinux AVC occurs before the AVC is initialized

James Carter jwcart2 at tycho.nsa.gov
Fri Oct 3 12:22:52 PDT 2008 

On Fri, 2008-10-03 at 05:51 -0700, SHAUNAK SAHA wrote:
> Hi James,
> 
> Thanks for the patch.I also did the same and was able to remove the
> segmentation fault. As i told it was crashing in sidtab_context_to_sid
> in the line c->htable[hvalue] as becuase at that htable was not
> initialized at that point and gets initilized in
> bus_selinux_full_init.
> 
> But now after that when i confine the gconf daemon and try to run it
> is getting killed as it is not able to  become the owner of the
> service name.I have included that domain and service name in
> system.conf file.While debuging dbus daemon i found that sidtab_insert
> from sidtab_context_to_sid was not becomming successfull for this
> somwhow.I m still working on it.
> Do you have any idea regarding the same?
> 
If the context is not valid for the current policy then the
sidtab_context_to_sid will not be successful (although it shouldn't
crash).


> Regards,
> Shaunak
> 
> 
> 
> 
> ______________________________________________________________________
> From: James Carter <jwcart2 at tycho.nsa.gov>
> To: dbus at lists.freedesktop.org
> Cc: SHAUNAK SAHA <indiaservice at citibankcorp.com>
> Sent: Thursday, 2 October, 2008 1:02:38 AM
> Subject: [PATCH] Fix problem where call involving the SELinux AVC
> occurs before the AVC is initialized
> 
> This patch moves the call to bus_selinux_full_init so that it is
> before
> the call to process_config_postinit.
> ---
> 
> diff --git a/bus/bus.c b/bus/bus.c
> index a28a267..6255330 100644
> --- a/bus/bus.c
> +++ b/bus/bus.c
> @@ -736,6 +736,11 @@ bus_context_new (const DBusString *config_file,
>   if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
>       !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
>     _dbus_pipe_close (print_pid_pipe, NULL);
> +
> +  if (!bus_selinux_full_init ())
> +    {
> +      _dbus_warn ("SELinux initialization failed\n");
> +    }
>   
>   if (!process_config_postinit (context, parser, error))
>     {
> @@ -765,11 +770,6 @@ bus_context_new (const DBusString *config_file,
>       bus_selinux_audit_init ();
> #endif
>     }
> -
> -  if (!bus_selinux_full_init ())
> -    {
> -      _dbus_warn ("SELinux initialization failed\n");
> -    }
>   
>   dbus_server_free_data_slot (&server_data_slot);
>   
> 
> -- 
> James Carter <jwcart2 at tycho.nsa.gov>
> National Security Agency
> 
> _______________________________________________
> dbus mailing list
> dbus at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dbus
> 
> 
> 
> ______________________________________________________________________
> Get perfect Email ID for your Resume. Get before others grab.
-- 
James Carter <jwcart2 at tycho.nsa.gov>
National Security Agency

More information about the dbus mailing list