summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2004-11-02 20:27:48 +0000
committerColin Walters <walters@verbum.org>2004-11-02 20:27:48 +0000
commit73ffe59d87864d61b9d22f199fc6375840bf39bb (patch)
tree2678c957ba9300cd075252562012f6f4efb6bff2
parentc7417009b1fe78fdad1ea2c397ecc1e656c33799 (diff)
2004-11-02 Colin Walters <walters@verbum.org>
* bus/selinux.c (bus_selinux_init): Split into two functions, bus_selinux_pre_init and bus_selinux_post_init. (bus_selinux_pre_init): Just determine whether SELinux is enabled. (bus_selinux_post_init): Do everything else. * bus/main.c (main): Call bus_selinux_pre_init before parsing config file, and bus_selinux_post_init after. This ensures that we don't lose the policyreload notification thread that bus_selinux_init created before forking previously. * bus/test-main.c (test_pre_hook): Update for split.
-rw-r--r--ChangeLog15
-rw-r--r--bus/main.c10
-rw-r--r--bus/selinux.c23
-rw-r--r--bus/selinux.h3
-rw-r--r--bus/test-main.c4
5 files changed, 48 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 13bbbcf0..1466ac82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2004-11-02 Colin Walters <walters@verbum.org>
+
+ * bus/selinux.c (bus_selinux_init): Split into two functions,
+ bus_selinux_pre_init and bus_selinux_post_init.
+ (bus_selinux_pre_init): Just determine whether SELinux is
+ enabled.
+ (bus_selinux_post_init): Do everything else.
+
+ * bus/main.c (main): Call bus_selinux_pre_init before parsing
+ config file, and bus_selinux_post_init after. This ensures that
+ we don't lose the policyreload notification thread that
+ bus_selinux_init created before forking previously.
+
+ * bus/test-main.c (test_pre_hook): Update for split.
+
2004-10-31 Owen Fraser-Green <owen@discobabe.net>
Patch from Johan Fischer <linux@fischaz.com>
diff --git a/bus/main.c b/bus/main.c
index 95727694..296aa63c 100644
--- a/bus/main.c
+++ b/bus/main.c
@@ -377,9 +377,9 @@ main (int argc, char **argv)
}
_dbus_string_free (&pid_fd);
- if (!bus_selinux_init ())
+ if (!bus_selinux_pre_init ())
{
- _dbus_warn ("SELinux initialization failed\n");
+ _dbus_warn ("SELinux pre-initialization failed\n");
exit (1);
}
@@ -396,6 +396,12 @@ main (int argc, char **argv)
exit (1);
}
+ if (!bus_selinux_full_init ())
+ {
+ _dbus_warn ("SELinux initialization failed\n");
+ exit (1);
+ }
+
setup_reload_pipe (bus_context_get_loop (context));
_dbus_set_signal_handler (SIGHUP, signal_handler);
diff --git a/bus/selinux.c b/bus/selinux.c
index de68da33..96acddfe 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -205,11 +205,10 @@ bus_selinux_enabled (void)
}
/**
- * Initialize the user space access vector cache (AVC) for D-BUS and set up
- * logging callbacks.
+ * Do early initialization; determine whether SELinux is enabled.
*/
dbus_bool_t
-bus_selinux_init (void)
+bus_selinux_pre_init (void)
{
#ifdef HAVE_SELINUX
int r;
@@ -227,7 +226,25 @@ bus_selinux_init (void)
}
selinux_enabled = r != 0;
+ return TRUE;
+#else
+ return TRUE;
+#endif
+}
+
+/**
+ * Initialize the user space access vector cache (AVC) for D-BUS and set up
+ * logging callbacks.
+ */
+dbus_bool_t
+bus_selinux_full_init (void)
+{
+#ifdef HAVE_SELINUX
+ int r;
+ char *bus_context;
+ _dbus_assert (bus_sid == SECSID_WILD);
+
if (!selinux_enabled)
{
_dbus_verbose ("SELinux not enabled in this kernel.\n");
diff --git a/bus/selinux.h b/bus/selinux.h
index 886f9c71..13122520 100644
--- a/bus/selinux.h
+++ b/bus/selinux.h
@@ -27,7 +27,8 @@
#include <dbus/dbus-connection.h>
#include "services.h"
-dbus_bool_t bus_selinux_init (void);
+dbus_bool_t bus_selinux_pre_init (void);
+dbus_bool_t bus_selinux_full_init(void);
void bus_selinux_shutdown (void);
dbus_bool_t bus_selinux_enabled (void);
diff --git a/bus/test-main.c b/bus/test-main.c
index 4043f6ed..14e35f5f 100644
--- a/bus/test-main.c
+++ b/bus/test-main.c
@@ -56,7 +56,9 @@ static void
test_pre_hook (void)
{
- if (_dbus_getenv ("DBUS_TEST_SELINUX") && !bus_selinux_init ())
+ if (_dbus_getenv ("DBUS_TEST_SELINUX")
+ && !bus_selinux_pre_init ()
+ && !bus_selinux_full_init ())
die ("could not init selinux support");
}