From a82e1be24d0211d4358d8ff3b8cd06dae71a9993 Mon Sep 17 00:00:00 2001 |
|
From: David King <dking@redhat.com> |
|
Date: Mon, 22 Aug 2016 09:43:29 +0100 |
|
Subject: [PATCH] Use _raw() calls to avoid SELinux context translation |
|
|
|
When the credentials obtained from the client socket are used in future |
|
security checks, no context translation should be performed, so |
|
getpeercon() should be replaced with getpeercon_raw(), and similar |
|
changes should be made for other calls such as avc_sid_to_context() |
|
and getcon(). |
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1356141 |
|
--- |
|
bus/selinux.c | 10 +++++----- |
|
1 file changed, 5 insertions(+), 5 deletions(-) |
|
|
|
diff --git a/bus/selinux.c b/bus/selinux.c |
|
index 2fb4a8b..13361aa 100644 |
|
--- a/bus/selinux.c |
|
+++ b/bus/selinux.c |
|
@@ -412,14 +412,14 @@ bus_selinux_full_init (void) |
|
bus_context = NULL; |
|
bus_sid = SECSID_WILD; |
|
|
|
- if (getcon (&bus_context) < 0) |
|
+ if (getcon_raw (&bus_context) < 0) |
|
{ |
|
_dbus_verbose ("Error getting context of bus: %s\n", |
|
_dbus_strerror (errno)); |
|
return FALSE; |
|
} |
|
|
|
- if (avc_context_to_sid (bus_context, &bus_sid) < 0) |
|
+ if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0) |
|
{ |
|
_dbus_verbose ("Error getting SID from bus context: %s\n", |
|
_dbus_strerror (errno)); |
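Review bot: Nothing at the `getcon_raw` / `avc_context_to_sid_raw` pair in bus_selinux_full_init records that the two calls must stay matched, so a later edit that reverts only one of them would mix raw and translated contexts in the SID lookup with no visible cue. I would add a comment above the `getcon_raw` call, for example `/* Use the raw (untranslated) context: it feeds security checks and must not depend on context translation. */`. The same comment belongs at `getpeercon_raw` in bus_connection_read_selinux_context and at `avc_context_to_sid_raw` in bus_selinux_init_connection_id, which form the same pair for the peer's context. The function body continues outside the hunk, and any remaining non-raw libselinux calls elsewhere in bus/selinux.c are not visible here, so the file is worth checking for them.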
|
@@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message, |
|
#ifdef HAVE_SELINUX |
|
char *context; |
|
|
|
- if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) |
|
+ if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0) |
|
{ |
|
if (errno == ENOMEM) |
|
BUS_SET_OOM (error); |
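Review bot: The string produced by `avc_sid_to_context_raw` in bus_selinux_append_context is, judging by the function name and its DBusMessage parameter, handed on to a message, so after this change recipients presumably get the raw form instead of the translated one. That is an externally visible change for any consumer that compares or displays the value, and the hunk does not document it. I would add `/* The context is returned raw (untranslated); consumers that compare it must use the _raw libselinux calls too. */` above the call. The function body continues outside the hunk, so whether the string is later released with `freecon()` cannot be confirmed from here.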
|
@@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection, |
|
return FALSE; |
|
} |
|
|
|
- if (getpeercon (fd, con) < 0) |
|
+ if (getpeercon_raw (fd, con) < 0) |
|
{ |
|
_dbus_verbose ("Error getting context of socket peer: %s\n", |
|
_dbus_strerror (errno)); |
|
@@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection, |
|
|
|
_dbus_verbose ("Converting context to SID to store on connection\n"); |
|
|
|
- if (avc_context_to_sid (con, &sid) < 0) |
|
+ if (avc_context_to_sid_raw (con, &sid) < 0) |
|
{ |
|
if (errno == ENOMEM) |
|
BUS_SET_OOM (error); |
|
-- |
|
2.7.4
|
|
|