]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fa07c85)
dbus: check selinux privilege before returning process list
authorLennart Poettering <lennart@poettering.net>
Fri, 10 Feb 2017 10:54:18 +0000 (11:54 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 10 Feb 2017 10:54:18 +0000 (11:54 +0100)
We protect less interetsing stuff with selinux "status", let's do that
here too.

src/core/dbus-unit.c patch | blob | blame | history

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 60e889e1effd8fc7000d9c90c8590b8522da9987..f1306a023f58193954debd2f429046d3dd13bd5e 100644 (file)
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1006,6 +1006,10 @@ int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bu
 
         assert(message);
 
+        r = mac_selinux_unit_access_check(u, message, "status", error);
+        if (r < 0)
+                return r;
+
         pids = set_new(NULL);
         if (!pids)
                 return -ENOMEM;
Unnamed repository; edit this file 'description' to name the repository.