- Reverse we_were_root check to setpcap if we were root. Also only init
audit if we were root. So error dbus message will not show up when policy reload happens. dbus -session will no longer try to send audit message, only system will.
This commit is contained in:
parent
c876738420
commit
4cd56ddddd
55
dbus-1.1.2-audit-user.patch
Normal file
55
dbus-1.1.2-audit-user.patch
Normal file
@ -0,0 +1,55 @@
|
||||
diff -up dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c
|
||||
--- dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user 2007-07-24 11:39:09.000000000 -0400
|
||||
+++ dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c 2007-09-14 09:00:24.000000000 -0400
|
||||
@@ -300,7 +300,7 @@ _dbus_change_to_daemon_user (const char
|
||||
* run as ... doesn't really help. But keeps people happy.
|
||||
*/
|
||||
|
||||
- if (!we_were_root)
|
||||
+ if (we_were_root)
|
||||
{
|
||||
cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
|
||||
cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
|
||||
@@ -376,7 +376,7 @@ _dbus_change_to_daemon_user (const char
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBAUDIT
|
||||
- if (!we_were_root)
|
||||
+ if (we_were_root)
|
||||
{
|
||||
if (cap_set_proc (new_caps))
|
||||
{
|
||||
@@ -395,6 +395,7 @@ _dbus_change_to_daemon_user (const char
|
||||
_dbus_strerror (errno));
|
||||
return FALSE;
|
||||
}
|
||||
+ audit_init();
|
||||
}
|
||||
#endif
|
||||
|
||||
diff -up dbus-1.1.2/bus/selinux.c.audit-user dbus-1.1.2/bus/selinux.c
|
||||
--- dbus-1.1.2/bus/selinux.c.audit-user 2007-07-24 11:39:08.000000000 -0400
|
||||
+++ dbus-1.1.2/bus/selinux.c 2007-09-14 08:31:14.000000000 -0400
|
||||
@@ -113,7 +113,7 @@ static const struct avc_lock_callback lo
|
||||
static int audit_fd = -1;
|
||||
#endif
|
||||
|
||||
-static void
|
||||
+void
|
||||
audit_init(void)
|
||||
{
|
||||
#ifdef HAVE_LIBAUDIT
|
||||
@@ -350,12 +350,8 @@ bus_selinux_full_init (void)
|
||||
|
||||
freecon (bus_context);
|
||||
|
||||
- audit_init ();
|
||||
-
|
||||
- return TRUE;
|
||||
-#else
|
||||
- return TRUE;
|
||||
#endif /* HAVE_SELINUX */
|
||||
+ return TRUE;
|
||||
}
|
||||
|
||||
/**
|
10
dbus.spec
10
dbus.spec
@ -8,7 +8,7 @@
|
||||
Summary: D-BUS message bus
|
||||
Name: dbus
|
||||
Version: 1.1.2
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
URL: http://www.freedesktop.org/software/dbus/
|
||||
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
|
||||
Source1: doxygen_to_devhelp.xsl
|
||||
@ -37,6 +37,7 @@ Patch0: dbus-0.60-start-early.patch
|
||||
Patch1: dbus-1.0.1-generate-xml-docs.patch
|
||||
# https://bugs.freedesktop.org/show_bug.cgi?id=11491
|
||||
Patch2: dbus-1.0.2-lsb.patch
|
||||
Patch3: dbus-1.1.2-audit-user.patch
|
||||
|
||||
%description
|
||||
|
||||
@ -79,6 +80,7 @@ in this separate package so server systems need not install X.
|
||||
%patch0 -p1 -b .start-early
|
||||
%patch1 -p1 -b .generate-xml-docs
|
||||
%patch2 -p1 -b .lsb
|
||||
%patch3 -p1 -b .audit-user
|
||||
|
||||
autoreconf -f -i
|
||||
|
||||
@ -198,6 +200,12 @@ fi
|
||||
%{_datadir}/devhelp/books/dbus
|
||||
|
||||
%changelog
|
||||
* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> - 1.1.2-5%{?dist}
|
||||
- Reverse we_were_root check to setpcap if we were root. Also only init
|
||||
audit if we were root. So error dbus message will not show up when policy
|
||||
reload happens. dbus -session will no longer try to send audit message,
|
||||
only system will.
|
||||
|
||||
* Tue Aug 28 2007 David Zeuthen <davidz@redhat.com> - 1.1.2-4%{?dist}
|
||||
- Make dbus require dbus-libs (#261721)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user