diff options
author | Gary Tierney <gary.tierney@gmx.com> | 2017-05-02 17:42:19 +0100 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2017-07-25 09:46:52 +0200 |
commit | e666102220558dbb43210176129b3ea8245c578c (patch) | |
tree | fedc9056d8431171f29b5ec35295f389b0d30234 /src/test | |
parent | d5aacbb6077b4e45fd36fbff6843595aa64d2288 (diff) |
Revert "selinux: split up mac_selinux_have() from mac_selinux_use()"
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and elogind instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for elogind --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/test-selinux.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/test/test-selinux.c b/src/test/test-selinux.c index 5687e1e2f..964a228a5 100644 --- a/src/test/test-selinux.c +++ b/src/test/test-selinux.c @@ -35,16 +35,16 @@ static void test_testing(void) { b = mac_selinux_use(); log_info("mac_selinux_use → %s", yes_no(b)); - b = mac_selinux_have(); - log_info("mac_selinux_have → %s", yes_no(b)); + b = mac_selinux_use(); + log_info("mac_selinux_use → %s", yes_no(b)); mac_selinux_retest(); b = mac_selinux_use(); log_info("mac_selinux_use → %s", yes_no(b)); - b = mac_selinux_have(); - log_info("mac_selinux_have → %s", yes_no(b)); + b = mac_selinux_use(); + log_info("mac_selinux_use → %s", yes_no(b)); } static void test_loading(void) { |