From 09aa69e0153e66326c6746ec7e4841567d44ccdb Mon Sep 17 00:00:00 2001 From: "John (J5) Palmieri" Date: Wed, 3 Oct 2007 17:29:45 -0400 Subject: fd.o bug #12429 Reverse check to setpcap and only init audit if we were root * patch by Dan Walsh * https://bugs.freedesktop.org/show_bug.cgi?id=12429 * Reverse we_were_root check to setpcap if we were root. Also only init audit if we were root. So error dbus message will not show up when policy reload happens. dbus -session will no longer try to send audit message, only system will. --- dbus/dbus-sysdeps-util-unix.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'dbus/dbus-sysdeps-util-unix.c') diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index df967a38..e03e0b76 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -338,7 +338,7 @@ _dbus_change_to_daemon_user (const char *user, * run as ... doesn't really help. But keeps people happy. */ - if (!we_were_root) + if (we_were_root) { cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE }; cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID }; @@ -414,7 +414,7 @@ _dbus_change_to_daemon_user (const char *user, } #ifdef HAVE_LIBAUDIT - if (!we_were_root) + if (we_were_root) { if (cap_set_proc (new_caps)) { @@ -433,6 +433,7 @@ _dbus_change_to_daemon_user (const char *user, _dbus_strerror (errno)); return FALSE; } + audit_init(); } #endif -- cgit