unit: use weaker dependencies between mount and device units in --user mode

[elogind.git] / src / core / selinux-access.c

diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 0ec80a1b33f6ce3c6d91572e322699fa07d183ce..a8c9a4b888f6e8a268e089d053741f0cf133b3a2 100644 (file)
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -24,12 +24,9 @@
 #ifdef HAVE_SELINUX
 
 #include <stdio.h>
-#include <string.h>
 #include <errno.h>
-#include <limits.h>
 #include <selinux/selinux.h>
 #include <selinux/avc.h>
-#include <sys/socket.h>
 #ifdef HAVE_AUDIT
 #include <libaudit.h>
 #endif
@@ -38,7 +35,6 @@
 #include "bus-util.h"
 #include "util.h"
 #include "log.h"
-#include "audit.h"
 #include "selinux-util.h"
 #include "audit-fd.h"
 #include "strv.h"
@@ -64,16 +60,16 @@ static int audit_callback(
         const struct audit_info *audit = auditdata;
         uid_t uid = 0, login_uid = 0;
         gid_t gid = 0;
-        char login_uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
-        char uid_buf[DECIMAL_STR_MAX(uid_t)] = "n/a";
-        char gid_buf[DECIMAL_STR_MAX(gid_t)] = "n/a";
+        char login_uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
+        char uid_buf[DECIMAL_STR_MAX(uid_t) + 1] = "n/a";
+        char gid_buf[DECIMAL_STR_MAX(gid_t) + 1] = "n/a";
 
         if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
-                snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
-        if (sd_bus_creds_get_uid(audit->creds, &uid) >= 0)
-                snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
-        if (sd_bus_creds_get_gid(audit->creds, &gid) >= 0)
-                snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);
+                xsprintf(login_uid_buf, UID_FMT, login_uid);
+        if (sd_bus_creds_get_euid(audit->creds, &uid) >= 0)
+                xsprintf(uid_buf, UID_FMT, uid);
+        if (sd_bus_creds_get_egid(audit->creds, &gid) >= 0)
+                xsprintf(gid_buf, GID_FMT, gid);
 
         snprintf(msgbuf, msgbufsize,
                  "auid=%s uid=%s gid=%s%s%s%s%s%s%s",
@@ -81,8 +77,6 @@ static int audit_callback(
                  audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
                  audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
 
-        msgbuf[msgbufsize-1] = 0;
-
         return 0;
 }
 
@@ -126,10 +120,8 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
 static int access_init(void) {
         int r = 0;
 
-        if (avc_open(NULL, 0)) {
-                log_error_errno(errno, "avc_open() failed: %m");
-                return -errno;
-        }
+        if (avc_open(NULL, 0))
+                return log_error_errno(errno, "avc_open() failed: %m");
 
         selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback) audit_callback);
         selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) log_callback);
@@ -205,7 +197,7 @@ int mac_selinux_generic_access_check(
 
         r = sd_bus_query_sender_creds(
                         message,
-                        SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
+                        SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
                         SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
                         SD_BUS_CREDS_SELINUX_CONTEXT|
                         SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,