Including SE-DBUS config file

Colin Walters walters at redhat.com
Fri Aug 20 11:40:33 PDT 2004 

On Tue, 2004-08-10 at 16:58 -0400, Matthew Rickard wrote: 
> On Tue, 2004-08-10 at 14:18, Matthew Rickard wrote:
> > One minor issue with the thread patch is that I use malloc/free in
> > allocating locks rather than dbus_new/dbus_free.  I did this because the
> > locks exist for the entire time the AVC exists.  Using dbus_new causes
> > the tests to report a memory leak.  This could be fixed by having each
> > test bus_selinux_init on start and bus_selinux_shutdown on end, but for
> > now I decided to leave the test cases alone.
> 
> On that note, here is another patch that uses dbus_new and dbus_free for
> the locks.  It changes test-main.c to call bus_selinux_init and
> bus_selinux_shutdown for each test.  It also introduces an
> avc_memory_callback to use dbus_malloc and dbus_free internally in the
> AVC.  

Looks good.  A few minor things:

> -        
> -        if (!make_full_path (&parser->basedir, content, &full_path))
> +
> +        if (e->d.include.selinux_root_relative 
> +            && bus_selinux_get_policy_root ())

I moved the test for bus_selinux_get_policy_root () to a separate check,
in order to give a better error message if we couldn't determine the
policy root for a SELinux-root relative include file.

> +/* Allocate a new AVC lock.  */
> +static void *
> +avc_alloc_lock (void)
> +{
> +  pthread_mutex_t *avc_mutex;
> +
> +  avc_mutex = dbus_new (pthread_mutex_t, 1);
> +  if (avc_mutex == NULL)
> +    {
> +      _dbus_warn ("Could not tell if SELinux is enabled: %s\n",
> +                  _dbus_strerror (errno));

Just a typo I assume?  I changed this to "Could not create mutex: %s\n".

> +  if (!bus_selinux_init ())
> +    die ("could not init selinux support");

Rather than doing this a lot, I created a test_pre_hook () and
test_post_hook (), and moved things into there.

One thing I'm not sure of is whether Havoc would prefer to have wrapper
functions in dbus-sysdep.c for threading.  It's probably not worth it
for now, but maybe we'll want to do it if there end up being any other
users of threading later.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://freedesktop.org/pipermail/dbus/attachments/20040820/e8bfe970/attachment.pgp

More information about the dbus mailing list