rpms/dbus
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Reverse we_were_root check to setpcap if we were root. Also only init

Browse Source 
audit if we were root. So error dbus message will not show up when
    policy reload happens. dbus -session will no longer try to send audit
    message, only system will.
This commit is contained in:
Daniel J Walsh 2007-09-14 13:11:38 +00:00
parent c876738420
commit 4cd56ddddd
2 changed files with 64 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
dbus-1.1.2-audit-user.patch Normal file
View File

@ -0,0 +1,55 @@
diff -up dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c
--- dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user 2007-07-24 11:39:09.000000000 -0400
+++ dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c 2007-09-14 09:00:24.000000000 -0400
@@ -300,7 +300,7 @@ _dbus_change_to_daemon_user (const char
* run as ... doesn't really help. But keeps people happy.
*/
- if (!we_were_root)
+ if (we_were_root)
{
cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
@@ -376,7 +376,7 @@ _dbus_change_to_daemon_user (const char
}
#ifdef HAVE_LIBAUDIT
- if (!we_were_root)
+ if (we_were_root)
{
if (cap_set_proc (new_caps))
{
@@ -395,6 +395,7 @@ _dbus_change_to_daemon_user (const char
_dbus_strerror (errno));
return FALSE;
}
+ audit_init();
}
#endif
diff -up dbus-1.1.2/bus/selinux.c.audit-user dbus-1.1.2/bus/selinux.c
--- dbus-1.1.2/bus/selinux.c.audit-user 2007-07-24 11:39:08.000000000 -0400
+++ dbus-1.1.2/bus/selinux.c 2007-09-14 08:31:14.000000000 -0400
@@ -113,7 +113,7 @@ static const struct avc_lock_callback lo
static int audit_fd = -1;
#endif
-static void
+void
audit_init(void)
{
#ifdef HAVE_LIBAUDIT
@@ -350,12 +350,8 @@ bus_selinux_full_init (void)
freecon (bus_context);
- audit_init ();
-
- return TRUE;
-#else
- return TRUE;
#endif /* HAVE_SELINUX */
+ return TRUE;
}
/**

10
dbus.spec
View File

@ -8,7 +8,7 @@
Summary: D-BUS message bus Summary: D-BUS message bus
Name: dbus Name: dbus
Version: 1.1.2 Version: 1.1.2
Release: 4%{?dist} Release: 5%{?dist}
URL: http://www.freedesktop.org/software/dbus/ URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl Source1: doxygen_to_devhelp.xsl
@ -37,6 +37,7 @@ Patch0: dbus-0.60-start-early.patch
Patch1: dbus-1.0.1-generate-xml-docs.patch Patch1: dbus-1.0.1-generate-xml-docs.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=11491 # https://bugs.freedesktop.org/show_bug.cgi?id=11491
Patch2: dbus-1.0.2-lsb.patch Patch2: dbus-1.0.2-lsb.patch
Patch3: dbus-1.1.2-audit-user.patch
%description %description
@ -79,6 +80,7 @@ in this separate package so server systems need not install X.
%patch0 -p1 -b .start-early %patch0 -p1 -b .start-early
%patch1 -p1 -b .generate-xml-docs %patch1 -p1 -b .generate-xml-docs
%patch2 -p1 -b .lsb %patch2 -p1 -b .lsb
%patch3 -p1 -b .audit-user
autoreconf -f -i autoreconf -f -i
@ -198,6 +200,12 @@ fi
%{_datadir}/devhelp/books/dbus %{_datadir}/devhelp/books/dbus
%changelog %changelog
* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> - 1.1.2-5%{?dist}
- Reverse we_were_root check to setpcap if we were root. Also only init
audit if we were root. So error dbus message will not show up when policy
reload happens. dbus -session will no longer try to send audit message,
only system will.
* Tue Aug 28 2007 David Zeuthen <davidz@redhat.com> - 1.1.2-4%{?dist} * Tue Aug 28 2007 David Zeuthen <davidz@redhat.com> - 1.1.2-4%{?dist}
- Make dbus require dbus-libs (#261721) - Make dbus require dbus-libs (#261721)