40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 01a500868f3343489c8b4af08e0e352874bdb04e Mon Sep 17 00:00:00 2001
|
|
From: David Rheinsberg <david@readahead.eu>
|
|
Date: Mon, 12 Jun 2023 12:09:12 +0200
|
|
Subject: [PATCH] util/selinux: follow permissive mode
|
|
|
|
Make sure to follow the rules of enforcing/permissive mode and avoid
|
|
operation denials in permissive mode.
|
|
|
|
Reported-by: Daan De Meyer <daan.j.demeyer@gmail.com>
|
|
Signed-off-by: David Rheinsberg <david@readahead.eu>
|
|
---
|
|
src/util/selinux.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/util/selinux.c b/src/util/selinux.c
|
|
index 4b61ec7..a72cc0a 100644
|
|
--- a/src/util/selinux.c
|
|
+++ b/src/util/selinux.c
|
|
@@ -242,7 +242,7 @@ int bus_selinux_check_own(BusSELinuxRegistry *registry,
|
|
"dbus",
|
|
"acquire_svc",
|
|
NULL);
|
|
- if (r < 0) {
|
|
+ if (r < 0 && bus_selinux_is_enforcing()) {
|
|
/*
|
|
* Treat unknown contexts (possibly due to policy reload)
|
|
* as access denied.
|
|
@@ -289,7 +289,7 @@ int bus_selinux_check_send(BusSELinuxRegistry *registry,
|
|
"dbus",
|
|
"send_msg",
|
|
NULL);
|
|
- if (r < 0) {
|
|
+ if (r < 0 && bus_selinux_is_enforcing()) {
|
|
/*
|
|
* Treat unknown contexts (possibly due to policy reload)
|
|
* as access denied.
|
|
--
|
|
2.33.0
|
|
|