* patch by Dan Walsh <dwalsh@redhat.com>
* https://bugs.freedesktop.org/show_bug.cgi?id=12429
* Reverse we_were_root check to setpcap if we were root. Also only init
audit if we were root. So error dbus message will not show up when policy
reload happens. dbus -session will no longer try to send audit message,
only system will.
static int audit_fd = -1;
#endif
-static void
+void
audit_init(void)
{
#ifdef HAVE_LIBAUDIT
freecon (bus_context);
- audit_init ();
-
- return TRUE;
-#else
- return TRUE;
#endif /* HAVE_SELINUX */
+ return TRUE;
}
/**
* run as ... doesn't really help. But keeps people happy.
*/
- if (!we_were_root)
+ if (we_were_root)
{
cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
}
#ifdef HAVE_LIBAUDIT
- if (!we_were_root)
+ if (we_were_root)
{
if (cap_set_proc (new_caps))
{
_dbus_strerror (errno));
return FALSE;
}
+ audit_init();
}
#endif