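--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -45,6 +45,7 @@
 #include <stdarg.h>
 #include <stdio.h>
 #ifdef HAVE_LIBAUDIT
+#include <cap-ng.h>
 #include <libaudit.h>
 #endif /* HAVE_LIBAUDIT */
 #endif /* HAVE_SELINUX */
@@ -143,13 +144,17 @@ log_callback (const char *fmt, ...)
 #ifdef HAVE_LIBAUDIT
 if (audit_fd >= 0)
 {
- char buf[PATH_MAX*2];
+ capng_get_caps_process();
+ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))
+ {
+ char buf[PATH_MAX*2];
 
- /* FIXME: need to change this to show real user */
- vsnprintf(buf, sizeof(buf), fmt, ap);
- audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ /* FIXME: need to change this to show real user */
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
 NULL, getuid());
- return;
+ return;
+ }
 }
 #endif /* HAVE_LIBAUDIT */
 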
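Review bot: The return value of `capng_get_caps_process()` in `log_callback` is ignored, so when the query fails the following `capng_have_capability` test runs on whatever state libcap-ng holds and the AVC message silently skips the audit path. Folding the check into the condition keeps that case explicit: `if (capng_get_caps_process() == 0 && capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))`. The result of `audit_log_user_avc_message` is also still unchecked before the `return;`, so a failed audit write drops the denial record entirely instead of reaching the fallback after the `#endif`. That fallback lies outside the hunk and is presumably the syslog path, which should be confirmed.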
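--- a/configure.in
+++ b/configure.in
@@ -844,7 +844,7 @@ else
 AC_CHECK_LIB(audit, audit_log_user_avc_message,
 have_libaudit=yes, have_libaudit=no)
 if test x$have_libaudit = xyes ; then
- AC_CHECK_LIB(cap, cap_set_proc,
+ AC_CHECK_LIB(cap-ng, capng_clear,
 have_libaudit=yes, have_libaudit=no)
 fi
 fi
@@ -853,7 +853,7 @@ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$hav
 
 if test x$have_libaudit = xyes ; then
 SELINUX_LIBS="$SELINUX_LIBS -laudit"
- LIBS="-lcap $LIBS"
+ LIBS="-lcap-ng $LIBS"
 AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
 fi
 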
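Review bot: The result of `AC_CHECK_LIB(cap-ng, capng_clear, ...)` is written back into `have_libaudit`, so a host that has libaudit but lacks libcap-ng configures without error and `HAVE_LIBAUDIT` is simply left undefined. Judging by the C sections of this patch, that compiles out both the audit logging of AVC messages and the capability handling, with nothing at configure time to tell the builder. A separate result variable with an `AC_MSG_WARN` would make the downgrade visible, or an `AC_MSG_ERROR` when audit support was explicitly requested; the option handling is above the `else` and outside this hunk. An `AC_CHECK_HEADER(cap-ng.h, ...)` is also worth adding, since both C files now include that header unconditionally under `HAVE_LIBAUDIT`.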
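--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -46,8 +46,7 @@
 #include <syslog.h>
 #include <syslog.h>
 #ifdef HAVE_LIBAUDIT
-#include <sys/prctl.h>
-#include <sys/capability.h>
+#include <cap-ng.h>
 #include <libaudit.h>
 #endif /* HAVE_LIBAUDIT */
 
@@ -323,10 +322,6 @@ _dbus_change_to_daemon_user (const char
 dbus_uid_t uid;
 dbus_gid_t gid;
 DBusString u;
-#ifdef HAVE_LIBAUDIT
- dbus_bool_t we_were_root;
- cap_t new_caps;
-#endif
 
 _dbus_string_init_const (&u, user);
 
@@ -339,123 +334,49 @@ _dbus_change_to_daemon_user (const char
 }
 
 #ifdef HAVE_LIBAUDIT
- we_were_root = _dbus_geteuid () == 0;
- new_caps = NULL;
- /* have a tmp set of caps that we use to transition to the usr/grp dbus should
- * run as ... doesn't really help. But keeps people happy.
- */
-
- if (we_were_root)
+ /* If we were root */
+ if (_dbus_geteuid () == 0)
 {
- cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
- cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
- cap_t tmp_caps = cap_init();
-
- if (!tmp_caps || !(new_caps = cap_init ()))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to initialize drop of capabilities: %s\n",
- _dbus_strerror (errno));
-
- if (tmp_caps)
- cap_free (tmp_caps);
+ int rc;
 
- return FALSE;
- }
-
- /* assume these work... */
- cap_set_flag (new_caps, CAP_PERMITTED, 1, new_cap_list, CAP_SET);
- cap_set_flag (new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET);
-
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_AUDIT_WRITE);
+ rc = capng_change_id(uid, gid, 0);
+ if (rc)
 {
- dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set keep-capabilities: %s\n",
- _dbus_strerror (errno));
- cap_free (tmp_caps);
- goto fail;
- }
-
- if (cap_set_proc (tmp_caps) == -1)
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
+ switch (rc) {
+ default:
+ dbus_set_error (error, DBUS_ERROR_FAILED,
 "Failed to drop capabilities: %s\n",
 _dbus_strerror (errno));
- cap_free (tmp_caps);
- goto fail;
- }
- cap_free (tmp_caps);
- }
-#endif /* HAVE_LIBAUDIT */
-
- /* setgroups() only works if we are a privileged process,
- * so we don't return error on failure; the only possible
- * failure is that we don't have perms to do it.
- *
- * not sure this is right, maybe if setuid()
- * is going to work then setgroups() should also work.
- */
- if (setgroups (0, NULL) < 0)
- _dbus_warn ("Failed to drop supplementary groups: %s\n",
- _dbus_strerror (errno));
-
- /* Set GID first, or the setuid may remove our permission
- * to change the GID
- */
- if (setgid (gid) < 0)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -4:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
 "Failed to set GID to %lu: %s", gid,
 _dbus_strerror (errno));
- goto fail;
- }
-
- if (setuid (uid) < 0)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -5:
+ _dbus_warn ("Failed to drop supplementary groups: %s\n",
+ _dbus_strerror (errno));
+ break;
+ case -6:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
 "Failed to set UID to %lu: %s", uid,
 _dbus_strerror (errno));
- goto fail;
- }
-
-#ifdef HAVE_LIBAUDIT
- if (we_were_root)
- {
- if (cap_set_proc (new_caps))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to drop capabilities: %s\n",
- _dbus_strerror (errno));
- goto fail;
- }
- cap_free (new_caps);
-
- /* should always work, if it did above */
- if (prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -7:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
 "Failed to unset keep-capabilities: %s\n",
 _dbus_strerror (errno));
+ break;
+ }
 return FALSE;
 }
 }
-#endif
+#endif /* HAVE_LIBAUDIT */
 
 return TRUE;
-
- fail:
-#ifdef HAVE_LIBAUDIT
- if (!we_were_root)
- {
- /* should always work, if it did above */
- prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0);
- cap_free (new_caps);
- }
-#endif
-
- return FALSE;
 }
 
 void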
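Review bot: A build without `HAVE_LIBAUDIT`, or a start with a non-zero effective uid, now reaches `return TRUE` in `_dbus_change_to_daemon_user` without changing uid or gid at all. The `setgroups`/`setgid`/`setuid` calls that sat outside the `#ifdef` are removed, and the only replacement is `capng_change_id` inside `#ifdef HAVE_LIBAUDIT` and `if (_dbus_geteuid () == 0)`. `capng_change_id(uid, gid, 0)` also passes no flags, so the supplementary groups that the old `setgroups (0, NULL)` cleared appear to be kept; `CAPNG_DROP_SUPP_GRP` would restore that. The `case -5` arm only warns and then hits `return FALSE` without calling `dbus_set_error`, and the results of `capng_clear` and `capng_update` are not checked. The function begins outside the hunk; the sketch below keeps the libcap-ng path and restores the plain drop for other builds.

```c
#ifdef HAVE_LIBAUDIT
  /* … unchanged: root check, capng_clear, capng_update … */
      rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);
  /* … unchanged: switch on rc, return FALSE … */
#else
  /* No libcap-ng: fall back to the plain identity change. */
  if (setgroups (0, NULL) < 0)
    _dbus_warn ("Failed to drop supplementary groups: %s\n",
                _dbus_strerror (errno));

  /* GID first: after setuid() we may no longer be allowed to change it. */
  if (setgid (gid) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to set GID to %lu: %s", gid,
                      _dbus_strerror (errno));
      return FALSE;
    }

  if (setuid (uid) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to set UID to %lu: %s", uid,
                      _dbus_strerror (errno));
      return FALSE;
    }
#endif /* HAVE_LIBAUDIT */
```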