diff -urp dbus-1.2.16.orig/bus/selinux.c dbus-1.2.16/bus/selinux.c --- dbus-1.2.16.orig/bus/selinux.c 2009-10-03 08:46:51.000000000 -0400 +++ dbus-1.2.16/bus/selinux.c 2009-10-03 08:47:26.000000000 -0400 @@ -45,6 +45,7 @@ #include #include #ifdef HAVE_LIBAUDIT +#include #include #endif /* HAVE_LIBAUDIT */ #endif /* HAVE_SELINUX */ @@ -143,13 +144,17 @@ log_callback (const char *fmt, ...) #ifdef HAVE_LIBAUDIT if (audit_fd >= 0) { - char buf[PATH_MAX*2]; + capng_get_caps_process(); + if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) + { + char buf[PATH_MAX*2]; - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, + /* FIXME: need to change this to show real user */ + vsnprintf(buf, sizeof(buf), fmt, ap); + audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid()); - return; + return; + } } #endif /* HAVE_LIBAUDIT */ diff -urp dbus-1.2.16.orig/configure.in dbus-1.2.16/configure.in --- dbus-1.2.16.orig/configure.in 2009-10-03 08:46:51.000000000 -0400 +++ dbus-1.2.16/configure.in 2009-10-03 08:47:26.000000000 -0400 @@ -844,7 +844,7 @@ else AC_CHECK_LIB(audit, audit_log_user_avc_message, have_libaudit=yes, have_libaudit=no) if test x$have_libaudit = xyes ; then - AC_CHECK_LIB(cap, cap_set_proc, + AC_CHECK_LIB(cap-ng, capng_clear, have_libaudit=yes, have_libaudit=no) fi fi @@ -853,7 +853,7 @@ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$hav if test x$have_libaudit = xyes ; then SELINUX_LIBS="$SELINUX_LIBS -laudit" - LIBS="-lcap $LIBS" + LIBS="-lcap-ng $LIBS" AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support]) fi diff -urp dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c dbus-1.2.16/dbus/dbus-sysdeps-util-unix.c --- dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-10-03 08:46:51.000000000 -0400 +++ dbus-1.2.16/dbus/dbus-sysdeps-util-unix.c 2009-10-03 08:52:14.000000000 -0400 
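Review bot: The return value of `capng_get_caps_process()` is ignored in the log_callback hunk, so if the capability query fails, the `capng_have_capability()` test that follows runs on whatever state libcap-ng happens to hold. Folding the two together keeps the fall-through path for that case: `if (capng_get_caps_process() == 0 && capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))`. When CAP_AUDIT_WRITE is absent, the AVC message now bypasses the audit log without any trace. A short comment such as `/* no CAP_AUDIT_WRITE: fall through to the non-audit logging below */` would record that this is intended. The rest of log_callback, including the code reached on fall-through, lies outside the hunk.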
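Review bot: The configure.in probe tests for `capng_clear`, but the identity switch this patch introduces depends on `capng_change_id`, and nothing checks for the cap-ng header. Probing the function the code relies on, `AC_CHECK_LIB(cap-ng, capng_change_id,`, would surface an unsuitable libcap-ng at configure time rather than at link time. A failed probe still sets `have_libaudit=no` without a message, so a missing libcap-ng silently disables the SELinux audit path. An `AC_MSG_WARN` there would make that visible to the builder, and the same applies to the `LIBS="-lcap-ng $LIBS"` hunk that follows.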
@@ -46,8 +46,7 @@ #include #include #ifdef HAVE_LIBAUDIT -#include -#include +#include #include #endif /* HAVE_LIBAUDIT */ @@ -323,10 +322,6 @@ _dbus_change_to_daemon_user (const char dbus_uid_t uid; dbus_gid_t gid; DBusString u; -#ifdef HAVE_LIBAUDIT - dbus_bool_t we_were_root; - cap_t new_caps; -#endif _dbus_string_init_const (&u, user); 
@@ -339,123 +334,49 @@ _dbus_change_to_daemon_user (const char } #ifdef HAVE_LIBAUDIT - we_were_root = _dbus_geteuid () == 0; - new_caps = NULL; - /* have a tmp set of caps that we use to transition to the usr/grp dbus should - * run as ... doesn't really help. But keeps people happy. - */ - - if (we_were_root) + /* If we were root */ + if (_dbus_geteuid () == 0) { - cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE }; - cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID }; - cap_t tmp_caps = cap_init(); - - if (!tmp_caps || !(new_caps = cap_init ())) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to initialize drop of capabilities: %s\n", - _dbus_strerror (errno)); - - if (tmp_caps) - cap_free (tmp_caps); + int rc; - return FALSE; - } - - /* assume these work... */ - cap_set_flag (new_caps, CAP_PERMITTED, 1, new_cap_list, CAP_SET); - cap_set_flag (new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET); - - if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) + capng_clear(CAPNG_SELECT_BOTH); + capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, + CAP_AUDIT_WRITE); + rc = capng_change_id(uid, gid, 0); + if (rc) { - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set keep-capabilities: %s\n", - _dbus_strerror (errno)); - cap_free (tmp_caps); - goto fail; - } - - if (cap_set_proc (tmp_caps) == -1) - { - dbus_set_error (error, DBUS_ERROR_FAILED, + switch (rc) { + default: + dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to drop capabilities: %s\n", _dbus_strerror (errno)); - cap_free (tmp_caps); - goto fail; - } - cap_free (tmp_caps); - } -#endif /* HAVE_LIBAUDIT */ - - /* setgroups() only works if we are a privileged process, - * so we don't return error on failure; the only possible - * failure is that we don't have perms to do it. 
- * - * not sure this is right, maybe if setuid() - * is going to work then setgroups() should also work. - */ - if (setgroups (0, NULL) < 0) - _dbus_warn ("Failed to drop supplementary groups: %s\n", - _dbus_strerror (errno)); - - /* Set GID first, or the setuid may remove our permission - * to change the GID - */ - if (setgid (gid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), + break; + case -4: + dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to set GID to %lu: %s", gid, _dbus_strerror (errno)); - goto fail; - } - - if (setuid (uid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), + break; + case -5: + _dbus_warn ("Failed to drop supplementary groups: %s\n", + _dbus_strerror (errno)); + break; + case -6: + dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to set UID to %lu: %s", uid, _dbus_strerror (errno)); - goto fail; - } - -#ifdef HAVE_LIBAUDIT - if (we_were_root) - { - if (cap_set_proc (new_caps)) - { - dbus_set_error (error, DBUS_ERROR_FAILED, - "Failed to drop capabilities: %s\n", - _dbus_strerror (errno)); - goto fail; - } - cap_free (new_caps); - - /* should always work, if it did above */ - if (prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1) - { - dbus_set_error (error, _dbus_error_from_errno (errno), + break; + case -7: + dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to unset keep-capabilities: %s\n", _dbus_strerror (errno)); + break; + } return FALSE; } } -#endif +#endif /* HAVE_LIBAUDIT */ return TRUE; - - fail: -#ifdef HAVE_LIBAUDIT - if (!we_were_root) - { - /* should always work, if it did above */ - prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0); - cap_free (new_caps); - } -#endif - - return FALSE; } void