Commit 09aa69e0 authored by John Palmieri's avatar John Palmieri

fd.o bug #12429 Reverse check to setpcap and only init audit if we were root

* patch by Dan Walsh <dwalsh@redhat.com>
* https://bugs.freedesktop.org/show_bug.cgi?id=12429
* Reverse the we_were_root check so that setpcap is done only if we were root.
  Also init audit only if we were root, so the dbus error message will not
  show up when a policy reload happens.  dbus -session will no longer try to
  send audit messages; only the system bus will.
parent a295b2e6
......@@ -113,7 +113,7 @@ static const struct avc_lock_callback lock_cb =
static int audit_fd = -1;
#endif
static void
void
audit_init(void)
{
#ifdef HAVE_LIBAUDIT
......@@ -350,12 +350,8 @@ bus_selinux_full_init (void)
freecon (bus_context);
audit_init ();
return TRUE;
#else
return TRUE;
#endif /* HAVE_SELINUX */
return TRUE;
}
/**
......
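Review bot: Dropping `audit_init ();` from bus_selinux_full_init leaves the audit descriptor to be opened only by the caller in the other file, so a bus that starts as root but never goes through the daemon-user switch would apparently keep `audit_fd` at -1 and emit no audit records for AVC decisions; the call sites are outside this page, so that path should be confirmed. The first hunk also appears to give audit_init external linkage (the `static void` / `void` pair, whose markers were lost in rendering) under an unprefixed name and with no prototype shown in a header; a `bus_selinux_`-prefixed name declared next to bus_selinux_full_init would avoid symbol clashes and an implicit declaration at the new call site. A comment above the function, e.g. `/* Must be called after capabilities are set, and only when the daemon was started as root. */`, would record the new contract.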
......@@ -338,7 +338,7 @@ _dbus_change_to_daemon_user (const char *user,
* run as ... doesn't really help. But keeps people happy.
*/
if (!we_were_root)
if (we_were_root)
{
cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
......@@ -414,7 +414,7 @@ _dbus_change_to_daemon_user (const char *user,
}
#ifdef HAVE_LIBAUDIT
if (!we_were_root)
if (we_were_root)
{
if (cap_set_proc (new_caps))
{
......@@ -433,6 +433,7 @@ _dbus_change_to_daemon_user (const char *user,
_dbus_strerror (errno));
return FALSE;
}
audit_init();
}
#endif
......
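Review bot: The `audit_init();` call at the end of the second `if (we_were_root)` block reaches into the SELinux source file, and nothing on this page shows a prototype or include for it, so it may compile as an implicit declaration and may fail to link when HAVE_LIBAUDIT is defined but the SELinux code is not built (the guard around the definition is not visible here). Guarding the call with both macros, `#if defined (HAVE_LIBAUDIT) && defined (HAVE_SELINUX)`, or moving the audit setup behind a declared helper, would make the dependency explicit. The two reversed tests would also benefit from a comment such as `/* only a daemon started as root holds the capabilities needed to keep CAP_AUDIT_WRITE */`, since the visible part of the existing comment does not say which case the branch covers. _dbus_change_to_daemon_user begins and ends outside these hunks.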