diff options
| author | Sven Eden <yamakuzure@gmx.net> | 2017-04-27 11:30:28 +0200 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2017-05-17 15:22:16 +0200 |
| commit | 66ecc207e203db5434610395cd04c40ae8727b58 (patch) | |
| tree | 4808a261a6e58dcdbc9e8616f18cce65b2a49b83 /src/basic/selinux-util.c | |
| parent | 4f8a2329ef626675895974d53a6afad68a0d255a (diff) | |
Prep v229: Add missing fixes from upstream [1/6] src/basic
Diffstat (limited to 'src/basic/selinux-util.c')
| -rw-r--r-- | src/basic/selinux-util.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c index 03787ab75..700b2e829 100644 --- a/src/basic/selinux-util.c +++ b/src/basic/selinux-util.c @@ -1,5 +1,3 @@ -/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ - /*** This file is part of systemd. @@ -55,7 +53,7 @@ static struct selabel_handle *label_hnd = NULL; #define log_enforcing(...) log_full(security_getenforce() == 1 ? LOG_ERR : LOG_DEBUG, __VA_ARGS__) #endif -bool mac_selinux_use(void) { +bool mac_selinux_have(void) { #ifdef HAVE_SELINUX if (cached_use < 0) cached_use = is_selinux_enabled() > 0; @@ -66,6 +64,16 @@ bool mac_selinux_use(void) { #endif } +bool mac_selinux_use(void) { + if (!mac_selinux_have()) + return false; + + /* Never try to configure SELinux features if we aren't + * root */ + + return getuid() == 0; +} + #if 0 /// UNNEEDED by elogind void mac_selinux_retest(void) { #ifdef HAVE_SELINUX @@ -210,7 +218,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) { assert(exe); assert(label); - if (!mac_selinux_use()) + if (!mac_selinux_have()) return -EOPNOTSUPP; r = getcon_raw(&mycon); @@ -236,7 +244,7 @@ int mac_selinux_get_our_label(char **label) { assert(label); #ifdef HAVE_SELINUX - if (!mac_selinux_use()) + if (!mac_selinux_have()) return -EOPNOTSUPP; r = getcon_raw(label); @@ -260,7 +268,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char * assert(exe); assert(label); - if (!mac_selinux_use()) + if (!mac_selinux_have()) return -EOPNOTSUPP; r = getcon_raw(&mycon); @@ -315,7 +323,7 @@ char* mac_selinux_free(char *label) { if (!label) return NULL; - if (!mac_selinux_use()) + if (!mac_selinux_have()) return NULL; |