diff options
author | Gary Tierney <gary.tierney@gmx.com> | 2017-05-02 17:42:19 +0100 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2017-07-25 09:46:52 +0200 |
commit | e666102220558dbb43210176129b3ea8245c578c (patch) | |
tree | fedc9056d8431171f29b5ec35295f389b0d30234 /man/sd_booted.xml | |
parent | d5aacbb6077b4e45fd36fbff6843595aa64d2288 (diff) |
Revert "selinux: split up mac_selinux_have() from mac_selinux_use()"
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and elogind instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for elogind --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
Diffstat (limited to 'man/sd_booted.xml')
0 files changed, 0 insertions, 0 deletions