From: Laurent Bigonville
Date: Wed, 30 May 2018 16:18:15 +0000 (+0200)
Subject: Use SELINUX_CB_POLICYLOAD instead of AVC_CALLBACK_RESET callback
X-Git-Tag: dbus-1.13.8~35^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a442601cb2e14f6ff3111fe5a86ebdf4d0dee436;p=thirdparty%2Fdbus.git

Use SELINUX_CB_POLICYLOAD instead of AVC_CALLBACK_RESET callback

Use SELINUX_CB_POLICYLOAD instead of AVC_CALLBACK_RESET callback as this only seems necessary on policy reload and not if the enforcing mode is changing. See discussion at https://marc.info/?l=selinux&m=152173501930182&w=2 https://gitlab.freedesktop.org/dbus/dbus/issues/134
---
diff --git a/bus/selinux.c b/bus/selinux.c
index c764794cf..52cb98666 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -135,14 +135,10 @@ out:
 * this could have changed. Send a SIGHUP to reload all configs.
 */
 static int
-policy_reload_callback (u_int32_t event, security_id_t ssid,
- security_id_t tsid, security_class_t tclass,
- access_vector_t perms, access_vector_t *out_retained)
+policy_reload_callback (int seqno)
 {
- if (event == AVC_CALLBACK_RESET)
- return raise (SIGHUP);
-
- return 0;
+ _dbus_verbose ("SELinux policy reload callback called, sending SIGHUP\n");
+ return raise (SIGHUP);
 }
 
 /**
@@ -327,15 +323,7 @@ bus_selinux_full_init (BusContext *context, DBusError *error)
 goto error;
 }
 
- if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET,
- NULL, NULL, 0, 0) < 0)
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to add policy reload callback: %s",
- _dbus_strerror (errno));
- goto error;
- }
-
+ selinux_set_callback (SELINUX_CB_POLICYLOAD, (union selinux_callback) policy_reload_callback);
 selinux_set_callback (SELINUX_CB_AUDIT, (union selinux_callback) log_audit_callback);
 selinux_set_callback (SELINUX_CB_LOG, (union selinux_callback) log_callback);
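Review bot: The new `seqno` parameter of `policy_reload_callback` is never used, and the only trace of the event is a `_dbus_verbose` line, which as far as I know is compiled in only for verbose builds. Including the sequence number, e.g. `_dbus_verbose ("SELinux policy reload callback called (seqno %d), sending SIGHUP\n", seqno);`, would let an operator match the bus reload to the policy load that triggered it and would also avoid an unused-parameter warning. The doc comment above the function starts outside the hunk; it should say that the callback now runs only for policy loads and that it returns whatever `raise()` returns.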
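Review bot: The added `selinux_set_callback (SELINUX_CB_POLICYLOAD, ...)` line in `bus_selinux_full_init` has no comment saying that the bus deliberately stops reloading on enforcing-mode changes, a security-relevant behaviour change that a later reader could mistake for an omission. I would add above it `/* Reload configuration only when a new policy is loaded; a change of enforcing mode does not need it (dbus issue 134). */`. Unlike the removed `avc_add_callback` call, this registration has no failure path, so the build presumably has to guarantee that the libselinux headers define `SELINUX_CB_POLICYLOAD`; whether a configure check covers that is not visible in this diff. The function body continues outside the hunk.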