core: make sure we have enough information when doing selinux decisions
authorLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 17:57:37 +0000 (18:57 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 26 Nov 2014 17:57:39 +0000 (18:57 +0100)
Let's ask for the security relevant bits in a race-free way, and augment
the rest from /proc.

src/core/dbus.c
src/core/selinux-access.c

index ec1c0d43369dd8daade84de7aab149a4e775bbec..e23d36fddcd1bb8f3a81b6dddc4d4103bc1fb9e9 100644 (file)
@@ -776,6 +776,14 @@ static int bus_setup_api(Manager *m, sd_bus *bus) {
         assert(m);
         assert(bus);
 
+        /* Let's make sure we have enough credential bits so that we can make security and selinux decisions */
+        r = sd_bus_negotiate_creds(bus, 1,
+                                   SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+                                   SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+                                   SD_BUS_CREDS_SELINUX_CONTEXT);
+        if (r < 0)
+                log_warning("Failed to enable credential passing, ignoring: %s", strerror(-r));
+
         r = bus_setup_api_vtables(m, bus);
         if (r < 0)
                 return r;
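Review bot: When `sd_bus_negotiate_creds()` fails, the added code only logs a warning and continues, so the connection is set up without the credential bits the comment says are needed for security and SELinux decisions, and nothing at this site says what the access checks do in that case. With `SD_BUS_CREDS_AUGMENT` added in selinux-access.c by the same commit, the missing fields, possibly including the SELinux context, would presumably be filled from /proc, which is the racy source the commit message wants to avoid for security-relevant bits. If ignoring the error is intended, state the consequence in the comment, for example `/* Not fatal: if this fails, access checks fall back to /proc-augmented credentials, which are not race-free */`; otherwise return `r` here as the `bus_setup_api_vtables()` call below does. `bus_setup_api()` begins before and continues past this hunk.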
index a4694b33f36e5a7321388981493730779e44b965..a50dec3961cab361e0eec2c1fc0857c017cbbc57 100644 (file)
@@ -207,7 +207,8 @@ int mac_selinux_generic_access_check(
                         message,
                         SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
                         SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
-                        SD_BUS_CREDS_SELINUX_CONTEXT,
+                        SD_BUS_CREDS_SELINUX_CONTEXT|
+                        SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
                         &creds);
         if (r < 0)
                 goto finish;
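Review bot: The mask passed here asks for `SD_BUS_CREDS_GID`, `SD_BUS_CREDS_CMDLINE` and `SD_BUS_CREDS_AUDIT_LOGIN_UID`, none of which are in the mask negotiated in `bus_setup_api()`, so with `SD_BUS_CREDS_AUGMENT` those fields would come from /proc and may describe a different process state than the one that sent the message (exec, exit, PID reuse). The comment `/* get more bits from /proc */` does not record that constraint; I would expand it to something like `/* GID, cmdline and audit login UID are augmented from /proc and are racy: use them for audit logging only, never for the access decision */`. Whether the code after this call bases the decision on the SELinux context alone cannot be seen from the hunk, since `mac_selinux_generic_access_check()` starts and ends outside it.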