X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fdbus-unit.c;h=3d3458bed7de2fd13f30a02c26117132a2c38861;hp=fdfa5ee200c642a961e958cce86f8389528a15f0;hb=aba15a0391a04d5444319a609737c6b05f71e7c9;hpb=c53158818d8cdaf46b3f1b5299b9bda118a1043f diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index fdfa5ee20..3d3458bed 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -26,6 +26,7 @@ #include "dbus-unit.h" #include "bus-errors.h" #include "dbus-common.h" +#include "selinux-access.h" const char bus_unit_interface[] _introspect_("Unit") = BUS_UNIT_INTERFACE; @@ -411,9 +412,19 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn JobType job_type = _JOB_TYPE_INVALID; char *path = NULL; bool reload_if_possible = false; + int r; dbus_error_init(&error); + r = selinux_unit_access_check( + connection, + message, + m, + u->source_path ? u->source_path : u->fragment_path, + &error); + if (r < 0) + return bus_send_error_reply(connection, message, &error, r); + if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Start")) job_type = JOB_START; else if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Stop")) @@ -434,7 +445,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn const char *swho; int32_t signo; KillWho who; - int r; if (!dbus_message_get_args( message, @@ -479,7 +489,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn const char *smode; JobMode mode; Job *j; - int r; if ((job_type == JOB_START && u->refuse_manual_start) || (job_type == JOB_STOP && u->refuse_manual_stop) ||