Quoting Lennart Poettering in
https://github.com/systemd/systemd/pull/6464#issuecomment-
319029293:
> If the kernel allows us to query that data we should also be Ok with passing
> it on to our own caller, regardless if selinux is technically on or off...
The advantage is that this allows gcc to be smarter and reduce linkage:
(before)$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffeb46ff000)
librt.so.1 => /lib64/librt.so.1 (0x00007f2f60da6000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f2f60ba1000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2f60978000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2f60759000)
libc.so.6 => /lib64/libc.so.6 (0x00007f2f60374000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2f61294000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f2f600f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f2f5feec000)
(after )$ ldd build/libnss_systemd.so.2
linux-vdso.so.1 (0x00007ffe5f543000)
librt.so.1 => /lib64/librt.so.1 (0x00007f427dcaa000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f427daa5000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f427d886000)
libc.so.6 => /lib64/libc.so.6 (0x00007f427d4a1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f427e196000)
Note that this only works in conjuction with the previous commit: either
of the two commits alone does not have the desired effect on linkage.
Replaces #6464.
b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
/* Get the SELinux context of the peer */
- if (mac_selinux_use()) {
- r = getpeersec(b->input_fd, &b->label);
- if (r < 0 && r != -EOPNOTSUPP)
- log_debug_errno(r, "Failed to determine peer security context: %m");
- }
+ r = getpeersec(b->input_fd, &b->label);
+ if (r < 0 && r != -EOPNOTSUPP)
+ log_debug_errno(r, "Failed to determine peer security context: %m");
}
static int bus_socket_start_auth_client(sd_bus *b) {