summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-03-21 18:50:10 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-03-21 19:55:33 -0400
commitdf823e23f04da832ad5fc078176f8c26597a9845 (patch)
tree6fc5899156fa2a3107467768817c05dc5d3c1c60
parent192b98b8fe73c8fb4bb3d6540deb93f5fb6eb9d2 (diff)
core: make SELinux enable/disable check symmetric
We'd use the generic check for disable, and a unit-file-specific one for enable. Use the more specific one both ways. systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:system_r:init_t:s0 tclass=system perm=disable path=(null) cmdline=/usr/lib/systemd/systemd-timedated: -13 systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:object_r:systemd_unit_file_t:s0 tclass=service perm=enable path=/usr/lib/systemd/system/systemd-timesyncd.service cmdline=/usr/lib/systemd/systemd-timedated: -13 https://bugzilla.redhat.com/show_bug.cgi?id=1014315
-rw-r--r--src/core/dbus-manager.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 76901c7f1..1b26e5556 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1799,15 +1799,15 @@ static int method_disable_unit_files_generic(
assert(message);
assert(m);
- r = mac_selinux_access_check(message, verb, error);
+ r = sd_bus_message_read_strv(message, &l);
if (r < 0)
return r;
- r = sd_bus_message_read_strv(message, &l);
+ r = sd_bus_message_read(message, "b", &runtime);
if (r < 0)
return r;
- r = sd_bus_message_read(message, "b", &runtime);
+ r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
if (r < 0)
return r;