X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-access.c;h=f6389584f75ae4a77bb7fffd9c1a9eaea70eaea1;hb=b57b06258e0b1894edb6d1fc52a80b3c33164892;hp=a4694b33f36e5a7321388981493730779e44b965;hpb=8a188de9e0ea41509beda12084126d7a75ebe86e;p=elogind.git

diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index a4694b33f..f6389584f 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -70,9 +70,9 @@ static int audit_callback(
 
         if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
                 snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
-        if (sd_bus_creds_get_uid(audit->creds, &uid) >= 0)
+        if (sd_bus_creds_get_euid(audit->creds, &uid) >= 0)
                 snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
-        if (sd_bus_creds_get_gid(audit->creds, &gid) >= 0)
+        if (sd_bus_creds_get_egid(audit->creds, &gid) >= 0)
                 snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);
 
         snprintf(msgbuf, msgbufsize,
@@ -112,7 +112,7 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
 #endif
 
         va_start(ap, fmt);
-        log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
+        log_internalv(LOG_AUTH | LOG_INFO, 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
         va_end(ap);
 
         return 0;
@@ -126,10 +126,8 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
 static int access_init(void) {
         int r = 0;
 
-        if (avc_open(NULL, 0)) {
-                log_error("avc_open() failed: %m");
-                return -errno;
-        }
+        if (avc_open(NULL, 0))
+                return log_error_errno(errno, "avc_open() failed: %m");
 
         selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
         selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);
@@ -205,9 +203,10 @@ int mac_selinux_generic_access_check(
 
         r = sd_bus_query_sender_creds(
                         message,
-                        SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
+                        SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
                         SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
-                        SD_BUS_CREDS_SELINUX_CONTEXT,
+                        SD_BUS_CREDS_SELINUX_CONTEXT|
+                        SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
                         &creds);
         if (r < 0)
                 goto finish;