path: root/src/basic/selinux-util.h
diff options
authorGary Tierney <>2017-05-02 17:42:19 +0100
committerSven Eden <>2017-07-25 09:46:52 +0200
commite666102220558dbb43210176129b3ea8245c578c (patch)
treefedc9056d8431171f29b5ec35295f389b0d30234 /src/basic/selinux-util.h
parentd5aacbb6077b4e45fd36fbff6843595aa64d2288 (diff)
Revert "selinux: split up mac_selinux_have() from mac_selinux_use()"
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574. The previously mentioned commit inadvertently broke a lot of SELinux related functionality for both unprivileged users and elogind instances running as MANAGER_USER. In particular, setting the correct SELinux context after a User= directive is used would fail to work since we attempt to set the security context after changing UID. Additionally, it causes activated socket units to be mislabeled for elogind --user processes since setsockcreatecon() would never be called. Reverting this fixes the issues with labeling outlined above, and reinstates SELinux access checks on unprivileged user services.
Diffstat (limited to 'src/basic/selinux-util.h')
1 files changed, 0 insertions, 1 deletions
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
index fa41a65f8..2a71afefa 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -26,7 +26,6 @@
#include "macro.h"
bool mac_selinux_use(void);
-bool mac_selinux_have(void);
void mac_selinux_retest(void);
int mac_selinux_init(void);