From df823e23f04da832ad5fc078176f8c26597a9845 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 21 Mar 2015 18:50:10 -0400 Subject: core: make SELinux enable/disable check symmetric We'd use the generic check for disable, and a unit-file-specific one for enable. Use the more specific one both ways. systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:system_r:init_t:s0 tclass=system perm=disable path=(null) cmdline=/usr/lib/systemd/systemd-timedated: -13 systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:object_r:systemd_unit_file_t:s0 tclass=service perm=enable path=/usr/lib/systemd/system/systemd-timesyncd.service cmdline=/usr/lib/systemd/systemd-timedated: -13 https://bugzilla.redhat.com/show_bug.cgi?id=1014315 --- src/core/dbus-manager.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/core') diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 76901c7f1..1b26e5556 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1799,15 +1799,15 @@ static int method_disable_unit_files_generic( assert(message); assert(m); - r = mac_selinux_access_check(message, verb, error); + r = sd_bus_message_read_strv(message, &l); if (r < 0) return r; - r = sd_bus_message_read_strv(message, &l); + r = sd_bus_message_read(message, "b", &runtime); if (r < 0) return r; - r = sd_bus_message_read(message, "b", &runtime); + r = mac_selinux_unit_access_check_strv(l, message, m, verb, error); if (r < 0) return r; -- cgit v1.2.3