diff options
Diffstat (limited to 'src/core/selinux-access.c')
| -rw-r--r-- | src/core/selinux-access.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 6dfe8b45f3..426aed07d2 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -104,8 +104,6 @@ static int bus_get_selinux_security_context( *scon = b; - log_debug("GetConnectionSELinuxSecurityContext %s (pid %ld)", *scon, (long) bus_get_unix_process_id(connection, name, error)); - return 0; } @@ -134,7 +132,7 @@ static int bus_get_audit_data( if (r < 0) return r; - r = get_process_cmdline(pid, LINE_MAX, true, &audit->cmdline); + r = get_process_cmdline(pid, 0, true, &audit->cmdline); if (r < 0) return r; @@ -176,20 +174,25 @@ static int audit_callback( user_avc's into the /var/log/audit/audit.log, otherwise they will be sent to syslog. */ -static int log_callback(int type, const char *fmt, ...) { +_printf_attr_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; va_start(ap, fmt); #ifdef HAVE_AUDIT if (get_audit_fd() >= 0) { - char buf[LINE_MAX]; + _cleanup_free_ char *buf = NULL; + int r; - vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + r = vasprintf(&buf, fmt, ap); va_end(ap); - return 0; + if (r >= 0) { + audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); + return 0; + } + + va_start(ap, fmt); } #endif log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap); @@ -258,7 +261,7 @@ static int get_audit_data( const char *sender; int r, fd; struct ucred ucred; - socklen_t len; + socklen_t len = sizeof(ucred); sender = dbus_message_get_sender(message); if (sender) @@ -280,7 +283,7 @@ static int get_audit_data( if (r < 0) return r; - r = get_process_cmdline(ucred.pid, LINE_MAX, true, &audit->cmdline); + r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline); if (r < 0) return r; @@ -308,8 +311,6 @@ static int get_calling_context( */ sender = dbus_message_get_sender(message); if (sender) { - log_error("SELinux Got Sender %s", sender); - r = bus_get_selinux_security_context(connection, sender, scon, error); if (r >= 0) return r; @@ -318,7 +319,6 @@ static int get_calling_context( return r; } - log_debug("SELinux No Sender"); if (!dbus_connection_get_unix_fd(connection, &fd)) { log_error("bus_connection_get_unix_fd failed %m"); return -EINVAL; @@ -363,8 +363,6 @@ int selinux_access_check( if (r < 0) return r; - log_debug("SELinux access check for path=%s permission=%s", strna(path), permission); - audit.uid = audit.loginuid = (uid_t) -1; audit.gid = (gid_t) -1; audit.cmdline = NULL; |