You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 lines
1.5 KiB
40 lines
1.5 KiB
From 0b630ecdbfe20ddff9da4f4b6712e80b745b5ab2 Mon Sep 17 00:00:00 2001 |
|
From: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com> |
|
Date: Wed, 24 Jun 2015 12:01:26 +0900 |
|
Subject: [PATCH] selinux: fix missing SELinux unit access check |
|
|
|
Currently, SELinux unit access check is not performed if a given unit |
|
file has not been registered in a hash table. This is because function |
|
manager_get_unit() only tries to pick up a Unit object from a Unit |
|
hash table. Instead, we use function manager_load_unit() searching |
|
Unit file pathes for the given Unit file. |
|
|
|
Cherry-picked from: 4938696301a914ec26bcfc60bb99a1e9624e378 |
|
Resolves: #1185120 |
|
--- |
|
src/core/selinux-access.c | 12 ++++++------ |
|
1 file changed, 6 insertions(+), 6 deletions(-) |
|
|
|
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c |
|
index 91460b8af..f11247c09 100644 |
|
--- a/src/core/selinux-access.c |
|
+++ b/src/core/selinux-access.c |
|
@@ -272,12 +272,12 @@ int mac_selinux_unit_access_check_strv(char **units, |
|
int r; |
|
|
|
STRV_FOREACH(i, units) { |
|
- u = manager_get_unit(m, *i); |
|
- if (u) { |
|
- r = mac_selinux_unit_access_check(u, message, permission, error); |
|
- if (r < 0) |
|
- return r; |
|
- } |
|
+ r = manager_load_unit(m, *i, NULL, error, &u); |
|
+ if (r < 0) |
|
+ return r; |
|
+ r = mac_selinux_unit_access_check(u, message, permission, error); |
|
+ if (r < 0) |
|
+ return r; |
|
} |
|
#endif |
|
return 0;
|
|
|