core: only override kdbus attach mask when running as PID 1

[elogind.git] / src / core / dbus.c

diff --git a/src/core/dbus.c b/src/core/dbus.c
index 9cb198a13a58bb5c8a3ff81e1abb375467564343..e23d36fddcd1bb8f3a81b6dddc4d4103bc1fb9e9 100644 (file)
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -776,6 +776,14 @@ static int bus_setup_api(Manager *m, sd_bus *bus) {
         assert(m);
         assert(bus);
 
+        /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */
+        r = sd_bus_negotiate_creds(bus, 1,
+                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+                                   SD_BUS_CREDS_SELINUX_CONTEXT);
+        if (r < 0)
+                log_warning("Failed to enable credential passing, ignoring: %s", strerror(-r));
+
         r = bus_setup_api_vtables(m, bus);
         if (r < 0)
                 return r;
@@ -1180,7 +1188,7 @@ int bus_track_deserialize_item(char ***l, const char *line) {
 
         e = startswith(line, "subscribed=");
         if (!e)
-                return 0;
+                return -EINVAL;
 
         return strv_extend(l, e);
 }