Including SE-DBUS config file

Matthew Rickard mjricka at epoch.ncsc.mil
Tue Aug 10 11:18:33 PDT 2004


On Mon, 2004-08-09 at 22:25, Havoc Pennington wrote:
> On Mon, 2004-08-09 at 16:15, Matthew Rickard wrote:
> > Do we want to add something to system.conf to tell it to load the SELinux config file, or
> > do we want to explicitly load it if SELinux support is present?  If we
> > load it explicitly, should we just include_file() the config somewhere?
> > 
> 
> I think system.conf should just <include> the SELinux config file.
> Suggest adding the syntax:
>  <include selinux_root_relative="true">contexts/dbus_contexts.conf</include>
> or something like that.
> 

That syntax looks good.  I created a patch to add this functionality. 
The patch is attached as se-dbus-config.diff.  This also adds an
additional AVC callback to monitor for policy reloads.  If the policy is
reloaded, we also need to reload our config since the SELinux labeling
could have changed.  To do this I'm just raising a SIGHUP.

I've also attached another patch, which includes all my updates not yet
in CVS (as well as the config updates from the previously mentioned
patch).  A few of these minor changes have been sent to the list, but
the one major change is adding the use of thread and lock callbacks. 
Using a separate thread we can immediately recognize a policy reload and
in turn reload our config.  Otherwise we need to wait for the next
permission check before doing the reload.  This patch is
se-dbus-threads_config.diff.

One minor issue with the thread patch is that I use malloc/free in
allocating locks rather than dbus_new/dbus_free.  I did this because the
locks exist for the entire time the AVC exists.  Using dbus_new causes
the tests to report a memory leak.  This could be fixed by having each
test bus_selinux_init on start and bus_selinux_shutdown on end, but for
now I decided to leave the test cases alone.


Matt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: se-dbus-config.diff
Type: text/x-patch
Size: 5632 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20040810/e747a6bc/se-dbus-config-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: se-dbus-threads_config.diff
Type: text/x-patch
Size: 10597 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20040810/e747a6bc/se-dbus-threads_config-0001.bin
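
The reload path described in the message (policy-reload callback raises SIGHUP, the daemon then re-reads its config), as an added sketch that is not part of the original message or of either attached patch. All function names are hypothetical, the callback signature is assumed to mirror libselinux's policy-load callback, and registration with libselinux is omitted so the block builds without it.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

/* Set by the signal handler, consumed by the main loop. */
static volatile sig_atomic_t reload_pending = 0;
/* Stands in for the parsed config; bumped on every reload (hypothetical). */
static int config_generation = 0;

/* SIGHUP handler: only sets a flag, which is async-signal-safe. */
static void on_sighup(int signo)
{
    (void)signo;
    reload_pending = 1;
}

/* Install the SIGHUP handler; returns 0 on success. */
int install_sighup_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGHUP, &sa, NULL);
}

/* Policy-reload callback (assumed signature). It does no config work
 * itself; it only signals the daemon, as the message describes. */
int on_policy_reload(int seqno)
{
    (void)seqno;
    return raise(SIGHUP);
}

/* Called from the main loop. Returns 1 if a reload was performed. */
int process_pending_reload(void)
{
    if (!reload_pending)
        return 0;
    reload_pending = 0;
    config_generation++; /* a real daemon re-parses system.conf and its includes here */
    return 1;
}

int current_generation(void) { return config_generation; }

int main(void)
{
    if (install_sighup_handler() != 0)
        return 1;
    on_policy_reload(1); /* constructed sequence number */
    return process_pending_reload() == 1 ? 0 : 1;
}
```

Keeping the handler down to a flag write means the config and its SELinux contexts are re-parsed in the main loop rather than in signal context.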