chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
journald: Do not always record _AUDIT_SESSION and _AUDIT_LOGINUID
[elogind.git]
/
src
/
core
/
selinux-access.c
diff --git
a/src/core/selinux-access.c
b/src/core/selinux-access.c
index d9c3f9bcdaa4f31d78165a67684ef4f864b49dfd..bc195f3c56e746746bd03d3a5cb2edc0baeb9f34 100644
(file)
--- a/
src/core/selinux-access.c
+++ b/
src/core/selinux-access.c
@@
-59,6
+59,10
@@
static int bus_get_selinux_security_context(
DBusError *error) {
_cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL;
DBusError *error) {
_cleanup_dbus_message_unref_ DBusMessage *m = NULL, *reply = NULL;
+ DBusMessageIter iter, sub;
+ const char *bytes;
+ char *b;
+ int nbytes;
m = dbus_message_new_method_call(
DBUS_SERVICE_DBUS,
m = dbus_message_new_method_call(
DBUS_SERVICE_DBUS,
@@
-85,12
+89,21
@@
static int bus_get_selinux_security_context(
if (dbus_set_error_from_message(error, reply))
return -EIO;
if (dbus_set_error_from_message(error, reply))
return -EIO;
- if (!dbus_message_get_args(
- reply, error,
- DBUS_TYPE_STRING, scon,
- DBUS_TYPE_INVALID))
+ if (!dbus_message_iter_init(reply, &iter))
return -EIO;
return -EIO;
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY)
+ return -EIO;
+
+ dbus_message_iter_recurse(&iter, &sub);
+ dbus_message_iter_get_fixed_array(&sub, &bytes, &nbytes);
+
+ b = strndup(bytes, nbytes);
+ if (!b)
+ return -ENOMEM;
+
+ *scon = b;
+
return 0;
}
return 0;
}
@@
-119,7
+132,7
@@
static int bus_get_audit_data(
if (r < 0)
return r;
if (r < 0)
return r;
- r = get_process_cmdline(pid,
LINE_MAX
, true, &audit->cmdline);
+ r = get_process_cmdline(pid,
0
, true, &audit->cmdline);
if (r < 0)
return r;
if (r < 0)
return r;
@@
-168,13
+181,18
@@
static int log_callback(int type, const char *fmt, ...) {
#ifdef HAVE_AUDIT
if (get_audit_fd() >= 0) {
#ifdef HAVE_AUDIT
if (get_audit_fd() >= 0) {
- char buf[LINE_MAX];
+ _cleanup_free_ char *buf = NULL;
+ int r;
- vsnprintf(buf, sizeof(buf), fmt, ap);
- audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+ r = vasprintf(&buf, fmt, ap);
va_end(ap);
va_end(ap);
- return 0;
+ if (r >= 0) {
+ audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+ return 0;
+ }
+
+ va_start(ap, fmt);
}
#endif
log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
}
#endif
log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
@@
-243,7
+261,7
@@
static int get_audit_data(
const char *sender;
int r, fd;
struct ucred ucred;
const char *sender;
int r, fd;
struct ucred ucred;
- socklen_t len;
+ socklen_t len
= sizeof(ucred)
;
sender = dbus_message_get_sender(message);
if (sender)
sender = dbus_message_get_sender(message);
if (sender)
@@
-265,7
+283,7
@@
static int get_audit_data(
if (r < 0)
return r;
if (r < 0)
return r;
- r = get_process_cmdline(ucred.pid,
LINE_MAX
, true, &audit->cmdline);
+ r = get_process_cmdline(ucred.pid,
0
, true, &audit->cmdline);
if (r < 0)
return r;
if (r < 0)
return r;
@@
-297,8
+315,8
@@
static int get_calling_context(
if (r >= 0)
return r;
if (r >= 0)
return r;
- log_
debug("bus_get_selinux_security_context failed
%m");
-
dbus_error_free(error)
;
+ log_
error("bus_get_selinux_security_context failed:
%m");
+
return r
;
}
if (!dbus_connection_get_unix_fd(connection, &fd)) {
}
if (!dbus_connection_get_unix_fd(connection, &fd)) {
@@
-345,8
+363,6
@@
int selinux_access_check(
if (r < 0)
return r;
if (r < 0)
return r;
- log_debug("SELinux access check for path=%s permission=%s", strna(path), permission);
-
audit.uid = audit.loginuid = (uid_t) -1;
audit.gid = (gid_t) -1;
audit.cmdline = NULL;
audit.uid = audit.loginuid = (uid_t) -1;
audit.gid = (gid_t) -1;
audit.cmdline = NULL;