Currently when asked the SELinux context of the owner of
org.freedesktop.DBus, the dbus-daemon is returning an error.
In the same situation when asked about the Unix user or the PID, the
daemon would return its own user or pid. Do the same for the SELinux
context by returning the daemon one.
In particular this avoids an issue seen with systemd --user, where
dbus-daemon responds to UpdateActivationEnvironment() by passing on the
new environment to systemd with o.fd.systemd1.Manager.SetEnvironment(),
but systemd cannot get the caller's SELinux context and so rejects the
SetEnvironment() call.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101315
[smcv: Extend commit message to describe the symptom this fixes]
Reviewed-by: Simon McVittie <smcv@collabora.com>
if (reply == NULL)
goto oom;
- /* FIXME: Obtain the SELinux security context for the bus daemon itself */
- if (found == BUS_DRIVER_FOUND_PEER)
+ if (found == BUS_DRIVER_FOUND_SELF)
+ context = bus_selinux_get_self ();
+ else if (found == BUS_DRIVER_FOUND_PEER)
context = bus_connection_get_selinux_id (conn);
else
context = NULL;
#endif /* HAVE_SELINUX */
}
+BusSELinuxID*
+bus_selinux_get_self (void)
+{
+#ifdef HAVE_SELINUX
+ if(bus_selinux_enabled ())
+ return BUS_SID_FROM_SELINUX (bus_sid);
+ else
+ return NULL;
+#else
+ return NULL;
+#endif /* HAVE_SELINUX */
+}
+
/**
* Do early initialization; determine whether SELinux is enabled.
*/
dbus_bool_t bus_selinux_enabled (void);
+BusSELinuxID *bus_selinux_get_self (void);
+
DBusHashTable* bus_selinux_id_table_new (void);
BusSELinuxID* bus_selinux_id_table_lookup (DBusHashTable *service_table,
const DBusString *service_name);
projects / platform / upstream / dbus.git / commitdiff