From 09aa69e0153e66326c6746ec7e4841567d44ccdb Mon Sep 17 00:00:00 2001
From: "John (J5) Palmieri"
Date: Wed, 3 Oct 2007 17:29:45 -0400
Subject: fd.o bug #12429 Reverse check to setpcap and only init audit if we were root
* patch by Dan Walsh
* https://bugs.freedesktop.org/show_bug.cgi?id=12429
* Reverse we_were_root check to setpcap if we were root. Also only init audit if we were root. So error dbus message will not show up when policy reload happens. dbus -session will no longer try to send audit message, only system will.
---
 bus/selinux.c | 8 ++------
 dbus/dbus-sysdeps-util-unix.c | 5 +++--
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/bus/selinux.c b/bus/selinux.c
index 7fedba6f..8c7a6f83 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -113,7 +113,7 @@ static const struct avc_lock_callback lock_cb =
 static int audit_fd = -1;
 #endif
-static void
+void
 audit_init(void)
 {
 #ifdef HAVE_LIBAUDIT
@@ -350,12 +350,8 @@ bus_selinux_full_init (void)
 freecon (bus_context);
- audit_init ();
-
- return TRUE;
-#else
- return TRUE;
 #endif /* HAVE_SELINUX */
+ return TRUE;
 }
 /**
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index df967a38..e03e0b76 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -338,7 +338,7 @@ _dbus_change_to_daemon_user (const char *user,
 * run as ... doesn't really help. But keeps people happy.
 */
- if (!we_were_root)
+ if (we_were_root)
 {
 cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
 cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
@@ -414,7 +414,7 @@ _dbus_change_to_daemon_user (const char *user,
 }
 #ifdef HAVE_LIBAUDIT
- if (!we_were_root)
+ if (we_were_root)
 {
 if (cap_set_proc (new_caps))
 {
@@ -433,6 +433,7 @@ _dbus_change_to_daemon_user (const char *user,
 _dbus_strerror (errno));
 return FALSE;
 }
+ audit_init();
 }
 #endif
-- cgit
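Review bot: In bus/selinux.c (`@@ -113` hunk), dropping `static` from `audit_init` exports a generic, unprefixed name, and the diffstat lists only the two .c files, so no header appears to gain a prototype for it. The new caller in dbus/dbus-sysdeps-util-unix.c (last hunk) would then compile against an implicit declaration, which hides any later signature mismatch. I would declare `void audit_init (void);` in a header both files include, and consider a prefixed name such as `bus_selinux_audit_init` to match `bus_selinux_full_init`. The function body continues outside the hunk.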
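Review bot: With `audit_init ();` removed from `bus_selinux_full_init` (`@@ -350` hunk), `audit_fd` keeps its initial `-1` until `_dbus_change_to_daemon_user` reaches the new call, which sits inside `if (we_were_root)` under `HAVE_LIBAUDIT`. If a root-started bus can run without that function being called (not visible here), SELinux denials would stop reaching the audit log with nothing reporting the gap. A comment at the old call site would record the new ordering, e.g. `/* audit_init() is called from _dbus_change_to_daemon_user() after capabilities are dropped */`. Whichever code writes audit records should treat `audit_fd < 0` as a reason to use its other log path. The function starts outside the hunk.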
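Review bot: The comment above the flipped condition in `_dbus_change_to_daemon_user` (`@@ -338` hunk) still ends with "doesn't really help. But keeps people happy." and does not say why the capability setup is root-only, which is the whole point of this fix and of the identical flip in the `@@ -414` hunk. Going by the commit message, a line such as `/* Only a bus started as root keeps CAP_AUDIT_WRITE; a session bus skips this. */` before `if (we_were_root)` would make it harder for the test to be inverted again. The comment and the function both begin outside the hunk.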
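Review bot: The added `audit_init();` in the `@@ -433` hunk makes dbus/dbus-sysdeps-util-unix.c depend at link time on a function defined in bus/selinux.c, and the call is compiled whenever `HAVE_LIBAUDIT` is set. Any target that builds this file without bus/selinux.c would fail to link, as would a libaudit-without-SELinux configuration if the definition sits under `HAVE_SELINUX` (its enclosing guards are not visible here). Moving the call to the bus-side caller, after `_dbus_change_to_daemon_user` returns successfully, would keep the dependency pointing from bus/ to dbus/. The call also lacks the space before the parenthesis used on the neighbouring lines (`_dbus_strerror (errno)`).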