From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Feb 2017 10:54:18 +0000 (+0100)
Subject: dbus: check selinux privilege before returning process list
X-Git-Tag: v233~116^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=807fa5d9a01b2bd80ac821d3a165bfef0323c20c;p=thirdparty%2Fsystemd.git

dbus: check selinux privilege before returning process list

We protect less interetsing stuff with selinux "status", let's do that
here too.
---

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 60e889e1eff..f1306a023f5 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1006,6 +1006,10 @@ int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bu
 
         assert(message);
 
+        r = mac_selinux_unit_access_check(u, message, "status", error);
+        if (r < 0)
+                return r;
+
         pids = set_new(NULL);
         if (!pids)
                 return -ENOMEM;