diff options
author | Laurent Bigonville <bigon@bigon.be> | 2018-05-30 18:18:15 +0200 |
---|---|---|
committer | Laurent Bigonville <bigon@bigon.be> | 2018-11-15 15:59:49 +0100 |
commit | a442601cb2e14f6ff3111fe5a86ebdf4d0dee436 (patch) | |
tree | 798e329f0bd1f727de6abadd3e95b7b55368fa8b /bus | |
parent | 67f7bdf8c2e1df01781a117511517e55292f80c0 (diff) | |
download | dbus-a442601cb2e14f6ff3111fe5a86ebdf4d0dee436.tar.gz |
Use SELINUX_CB_POLICYLOAD instead of AVC_CALLBACK_RESET callback
Use SELINUX_CB_POLICYLOAD instead of AVC_CALLBACK_RESET callback as this
only seems necessary on policy reload and not if the enforcing mode is
changing.
See discussion at https://marc.info/?l=selinux&m=152173501930182&w=2
https://gitlab.freedesktop.org/dbus/dbus/issues/134
Diffstat (limited to 'bus')
-rw-r--r-- | bus/selinux.c | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index c764794c..52cb9866 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -135,14 +135,10 @@ out: * this could have changed. Send a SIGHUP to reload all configs. */ static int -policy_reload_callback (u_int32_t event, security_id_t ssid, - security_id_t tsid, security_class_t tclass, - access_vector_t perms, access_vector_t *out_retained) +policy_reload_callback (int seqno) { - if (event == AVC_CALLBACK_RESET) - return raise (SIGHUP); - - return 0; + _dbus_verbose ("SELinux policy reload callback called, sending SIGHUP\n"); + return raise (SIGHUP); } /** @@ -327,15 +323,7 @@ bus_selinux_full_init (BusContext *context, DBusError *error) goto error; } - if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET, - NULL, NULL, 0, 0) < 0) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to add policy reload callback: %s", - _dbus_strerror (errno)); - goto error; - } - + selinux_set_callback (SELINUX_CB_POLICYLOAD, (union selinux_callback) policy_reload_callback); selinux_set_callback (SELINUX_CB_AUDIT, (union selinux_callback) log_audit_callback); selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) log_callback); |