X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.c;h=0a3ee18bb9b527e9471e759d1da470be1479923e;hb=da7e457c5b9339721454ae8401a03ffdd781e6a9;hp=6dfe8b45f3e5095d48391db5b63bee5a3ae4b022;hpb=f274ece0f76b5709408821e317e87aef76123db6;p=elogind.git diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 6dfe8b45f..0a3ee18bb 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -6,16 +6,16 @@ Copyright 2012 Dan Walsh systemd is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. + Lesser General Public License for more details. - You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see . ***/ @@ -104,8 +104,6 @@ static int bus_get_selinux_security_context( *scon = b; - log_debug("GetConnectionSELinuxSecurityContext %s (pid %ld)", *scon, (long) bus_get_unix_process_id(connection, name, error)); - return 0; } @@ -134,7 +132,7 @@ static int bus_get_audit_data( if (r < 0) return r; - r = get_process_cmdline(pid, LINE_MAX, true, &audit->cmdline); + r = get_process_cmdline(pid, 0, true, &audit->cmdline); if (r < 0) return r; @@ -176,20 +174,25 @@ static int audit_callback( user_avc's into the /var/log/audit/audit.log, otherwise they will be sent to syslog. */ -static int log_callback(int type, const char *fmt, ...) { +_printf_attr_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; va_start(ap, fmt); #ifdef HAVE_AUDIT if (get_audit_fd() >= 0) { - char buf[LINE_MAX]; + _cleanup_free_ char *buf = NULL; + int r; - vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + r = vasprintf(&buf, fmt, ap); va_end(ap); - return 0; + if (r >= 0) { + audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + return 0; + } + + va_start(ap, fmt); } #endif log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap); @@ -258,7 +261,7 @@ static int get_audit_data( const char *sender; int r, fd; struct ucred ucred; - socklen_t len; + socklen_t len = sizeof(ucred); sender = dbus_message_get_sender(message); if (sender) @@ -280,7 +283,7 @@ static int get_audit_data( if (r < 0) return r; - r = get_process_cmdline(ucred.pid, LINE_MAX, true, &audit->cmdline); + r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline); if (r < 0) return r; @@ -308,8 +311,6 @@ static int get_calling_context( */ sender = dbus_message_get_sender(message); if (sender) { - log_error("SELinux Got Sender %s", sender); - r = bus_get_selinux_security_context(connection, sender, scon, error); if (r >= 0) return r; @@ -318,7 +319,6 @@ static int get_calling_context( return r; } - log_debug("SELinux No Sender"); if (!dbus_connection_get_unix_fd(connection, &fd)) { log_error("bus_connection_get_unix_fd failed %m"); return -EINVAL; @@ -363,8 +363,6 @@ int selinux_access_check( if (r < 0) return r; - log_debug("SELinux access check for path=%s permission=%s", strna(path), permission); - audit.uid = audit.loginuid = (uid_t) -1; audit.gid = (gid_t) -1; audit.cmdline = NULL;