Skip to content

Stop using selinux_set_mapping() function

Laurent Bigonville requested to merge bigon/dbus:no-mapping2 into master

Currently, if the "dbus" security class or the associated AV doesn't exist, dbus-daemon fails to initialize and exits immediately. Also the security classes or access vector cannot be reordered in the policy. This can be a problem for people developing their own policy or trying to access a machine where, for some reasons, there is not policy defined at all.

The code here copy the behaviour of the selinux_check_access() function. We cannot use this function here as it doesn't allow us to define the AVC entry reference.

See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2

Resolves: #198 (closed)

Merge request reports