[systemd-devel] New SELinux Patch to fix gettys not starting and poweroff/reboot commands from userspace working.

Daniel J Walsh dwalsh at redhat.com
Mon Sep 24 19:00:03 PDT 2012


Lots of new debugging/Error messages, to figure out what was failing.

Fix audit messages to not add cmdline of path if it does not exist.

Fix handling of initialization of selinux libraries.

Use log_error instead of log_full(LOG_ERROR

If bus_get_selinux_security_context fails, try to get the PID of the remote
connection and use this to get security context.

Set r -errno when the error happens, not on exit.

Use selinux_getenforce() rather than relying on global, since the global is
not always up to date.

Call multiple dbus_message_get_args to try to get name field.  One with three
params, one with two and one with one.  dbus-manager needs to be cleaned up,
and then we could change SELinux patch to take either a unit file or just a path.

Stop returning errors if SELinux cannot complete checks.  We can probably
turn this back on, but I wanted to make sure systemd would work in the field
before tightening this up.

You also need an updated SELinux policy to make this work.

selinux-policy-3.11.1-24.fc18.noarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-selinux-access.patch
Type: text/x-patch
Size: 10079 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20120924/84e9026c/attachment.bin>

