chiark - git - ianmdlvl - elogind.git/commit

bus-proxy: cloning smack label

When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.

It is done before and independent of dropping privileges.

The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.

The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.

In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.

In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.

author	Przemyslaw Kedzierski <p.kedzierski@samsung.com>
	Tue, 9 Dec 2014 11:17:24 +0000 (12:17 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 9 Dec 2014 17:23:24 +0000 (18:23 +0100)
commit	dd5ae4c36c89da5dbe8d1628939b26c00db98753
tree	70732de11f8d613b3c3a5117009f9802301774e7	tree \| snapshot
parent	4c213d6cf416917c61f82d8bee795b8f3a4c5372	commit \| diff

Makefile.am		diff \| blob \| history
configure.ac		diff \| blob \| history
src/bus-proxyd/bus-proxyd.c		diff \| blob \| history
src/shared/capability.c		diff \| blob \| history
src/shared/capability.h		diff \| blob \| history
units/systemd-bus-proxyd@.service.m4.in	[moved from units/systemd-bus-proxyd@.service.in with 95% similarity]	diff \| blob \| history
units/user@.service.m4.in	[moved from units/user@.service.in with 87% similarity]	diff \| blob \| history