diff options
author | Colin Walters <walters@verbum.org> | 2004-11-02 20:27:48 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2004-11-02 20:27:48 +0000 |
commit | 73ffe59d87864d61b9d22f199fc6375840bf39bb (patch) | |
tree | 2678c957ba9300cd075252562012f6f4efb6bff2 | |
parent | c7417009b1fe78fdad1ea2c397ecc1e656c33799 (diff) |
2004-11-02 Colin Walters <walters@verbum.org>
* bus/selinux.c (bus_selinux_init): Split into two functions,
bus_selinux_pre_init and bus_selinux_post_init.
(bus_selinux_pre_init): Just determine whether SELinux is
enabled.
(bus_selinux_post_init): Do everything else.
* bus/main.c (main): Call bus_selinux_pre_init before parsing
config file, and bus_selinux_post_init after. This ensures that
we don't lose the policyreload notification thread that
bus_selinux_init created before forking previously.
* bus/test-main.c (test_pre_hook): Update for split.
-rw-r--r-- | ChangeLog | 15 | ||||
-rw-r--r-- | bus/main.c | 10 | ||||
-rw-r--r-- | bus/selinux.c | 23 | ||||
-rw-r--r-- | bus/selinux.h | 3 | ||||
-rw-r--r-- | bus/test-main.c | 4 |
5 files changed, 48 insertions, 7 deletions
@@ -1,3 +1,18 @@ +2004-11-02 Colin Walters <walters@verbum.org> + + * bus/selinux.c (bus_selinux_init): Split into two functions, + bus_selinux_pre_init and bus_selinux_post_init. + (bus_selinux_pre_init): Just determine whether SELinux is + enabled. + (bus_selinux_post_init): Do everything else. + + * bus/main.c (main): Call bus_selinux_pre_init before parsing + config file, and bus_selinux_post_init after. This ensures that + we don't lose the policyreload notification thread that + bus_selinux_init created before forking previously. + + * bus/test-main.c (test_pre_hook): Update for split. + 2004-10-31 Owen Fraser-Green <owen@discobabe.net> Patch from Johan Fischer <linux@fischaz.com> @@ -377,9 +377,9 @@ main (int argc, char **argv) } _dbus_string_free (&pid_fd); - if (!bus_selinux_init ()) + if (!bus_selinux_pre_init ()) { - _dbus_warn ("SELinux initialization failed\n"); + _dbus_warn ("SELinux pre-initialization failed\n"); exit (1); } @@ -396,6 +396,12 @@ main (int argc, char **argv) exit (1); } + if (!bus_selinux_full_init ()) + { + _dbus_warn ("SELinux initialization failed\n"); + exit (1); + } + setup_reload_pipe (bus_context_get_loop (context)); _dbus_set_signal_handler (SIGHUP, signal_handler); diff --git a/bus/selinux.c b/bus/selinux.c index de68da33..96acddfe 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -205,11 +205,10 @@ bus_selinux_enabled (void) } /** - * Initialize the user space access vector cache (AVC) for D-BUS and set up - * logging callbacks. + * Do early initialization; determine whether SELinux is enabled. */ dbus_bool_t -bus_selinux_init (void) +bus_selinux_pre_init (void) { #ifdef HAVE_SELINUX int r; @@ -227,7 +226,25 @@ bus_selinux_init (void) } selinux_enabled = r != 0; + return TRUE; +#else + return TRUE; +#endif +} + +/** + * Initialize the user space access vector cache (AVC) for D-BUS and set up + * logging callbacks. + */ +dbus_bool_t +bus_selinux_full_init (void) +{ +#ifdef HAVE_SELINUX + int r; + char *bus_context; + _dbus_assert (bus_sid == SECSID_WILD); + if (!selinux_enabled) { _dbus_verbose ("SELinux not enabled in this kernel.\n"); diff --git a/bus/selinux.h b/bus/selinux.h index 886f9c71..13122520 100644 --- a/bus/selinux.h +++ b/bus/selinux.h @@ -27,7 +27,8 @@ #include <dbus/dbus-connection.h> #include "services.h" -dbus_bool_t bus_selinux_init (void); +dbus_bool_t bus_selinux_pre_init (void); +dbus_bool_t bus_selinux_full_init(void); void bus_selinux_shutdown (void); dbus_bool_t bus_selinux_enabled (void); diff --git a/bus/test-main.c b/bus/test-main.c index 4043f6ed..14e35f5f 100644 --- a/bus/test-main.c +++ b/bus/test-main.c @@ -56,7 +56,9 @@ static void test_pre_hook (void) { - if (_dbus_getenv ("DBUS_TEST_SELINUX") && !bus_selinux_init ()) + if (_dbus_getenv ("DBUS_TEST_SELINUX") + && !bus_selinux_pre_init () + && !bus_selinux_full_init ()) die ("could not init selinux support"); } |