oddjob

Clone
Source Code
GIT

#4 Skip SELinux operations on D-Bus messages if SELinux is disabled
Merged 3 years ago by nalin. Opened 4 years ago by abbra.
abbra/oddjob bz1578150-handled-selinux-disabled  into  master

file modified
+4 -2 
@@ -49,6 +49,7 @@ 
 

  struct oddjob_dbus_context {
 

  	DBusBusType bustype;
 

  	int reconnect_timeout;
 

+ 	dbus_bool_t selinux_enabled;
 

  	struct oddjob_dbus_service {
 

  		struct oddjob_dbus_context *ctx;
 

  		DBusConnection *conn;
 
@@ -154,7 +155,7 @@ 
 

  

  /* Create a new master state structure. */
 

  struct oddjob_dbus_context *
 

- oddjob_dbus_listeners_new(DBusBusType bustype)
 

+ oddjob_dbus_listeners_new(DBusBusType bustype, dbus_bool_t selinux_enabled)
 

  {
 

  	struct oddjob_dbus_context *ctx;
 

  
@@ -167,6 +168,7 @@ 
 

  	ctx->reconnect_timeout = 0;
 

  	ctx->n_services = 0;
 

  	ctx->services = NULL;
 

+ 	ctx->selinux_enabled = selinux_enabled;
 

  

  	return ctx;
 

  }
 
@@ -712,7 +714,7 @@ 
 

  	}
 

  

  	/* Build our message structure. */
 

- 	msg = oddjob_dbus_message_from_message(conn, message, FALSE, TRUE);
 

+ 	msg = oddjob_dbus_message_from_message(conn, message, FALSE, ctx->selinux_enabled);
 

  	if (msg == NULL) {
 

  		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 

  	}

file modified
+1 -1 
@@ -39,7 +39,7 @@ 
 

  struct oddjob_dbus_message;
 

  

  /* Server */
 

- struct oddjob_dbus_context *oddjob_dbus_listeners_new(DBusBusType bus);
 

+ struct oddjob_dbus_context *oddjob_dbus_listeners_new(DBusBusType bus, dbus_bool_t selinux_enabled);
 

  void oddjob_dbus_listeners_reconnect_if_needed(struct oddjob_dbus_context *ctx);
 

  void oddjob_dbus_listeners_set_reconnect_timeout(struct oddjob_dbus_context *ctx,
 

  						 int timeout);

file modified
+3 -3 
@@ -51,7 +51,6 @@ 
 

  #ifdef SELINUX_ACLS
 

  #include <selinux/selinux.h>
 

  #include <selinux/context.h>
 

- #include <selinux/flask.h>
 

  #endif
 

  #include "buffer.h"
 

  #include "common.h"
 
@@ -1973,7 +1972,7 @@ 
 

  			}
 

  			if (security_compute_create((char *) client_secontext,
 

  						    helper_context,
 

- 						    SECCLASS_PROCESS,
 

+ 						    string_to_security_class("process"),
 

  						    &exec_context) != 0) {
 

  				/* Failed to compute exec context? */
 

  				exec_errno = 0xfe;
 
@@ -2985,7 +2984,8 @@ 
 

  	globals.config = config;
 

  

  	/* Open a connection to the message bus. */
 

- 	ctx = oddjob_dbus_listeners_new(options.bus);
 

+ 	check_selinux_applicable();
 

+ 	ctx = oddjob_dbus_listeners_new(options.bus, globals.selinux_enabled);
 

  	if (ctx == NULL) {
 

  		fprintf(stderr, "Error connecting to D-Bus!\n");
 

  		return 2;

Fix rhbz#1578150 by skipping SELinux operations if SELinux is disabled. Most of the code already did that except D-Bus handlers.

Can someone please review this PR so that we can move forward with the proposed fix?

LGTM, merging.

Pull-Request has been merged by nalin
3 years ago
Metadata
None
No Tags
Changes Summary 3
+4 -2
file changed
src/oddjob_dbus.c
+1 -1
file changed
src/oddjob_dbus.h
+3 -3
file changed
src/oddjobd.c
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.