From c7d409cebf86b1c71192fd79ec5f5582f4f00f30 Mon Sep 17 00:00:00 2001
|
|
From: Radovan Sroka <rsroka@redhat.com>
|
|
Date: Tue, 2 Jun 2020 21:24:28 +0200
|
|
Subject: [PATCH] Ignore db errors from check_trust_database() (#70)
|
|
|
|
- mark every subject and object as not trusted
|
|
when it is not possible to do a query
|
|
|
|
- previously, when error occurred then subject or
|
|
object was actually considered to be trusted
|
|
|
|
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
|
|
---
|
|
src/library/event.c | 23 +++++++++++++++++------
|
|
1 file changed, 17 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/library/event.c b/src/library/event.c
|
|
index 564c120..2a4083b 100644
|
|
--- a/src/library/event.c
|
|
+++ b/src/library/event.c
|
|
@@ -339,9 +339,15 @@ subject_attr_t *get_subj_attr(event_t *e, subject_type_t t)
|
|
|
|
subj.val = 0;
|
|
if (exe) {
|
|
- if (exe->str && check_trust_database(exe->str,
|
|
- NULL, 0))
|
|
- subj.val = 1;
|
|
+ if (exe->str) {
|
|
+ int res = check_trust_database(exe->str, NULL, 0);
|
|
+
|
|
+ // ignore -1
|
|
+ if (res == 1)
|
|
+ subj.val = 1;
|
|
+ else
|
|
+ subj.val = 0;
|
|
+ }
|
|
}
|
|
}
|
|
break;
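Review bot: The `// ignore -1` comment above `if (res == 1)` says the opposite of what the code does: a -1 from check_trust_database() is not ignored, it is mapped to untrusted, which is the fail-closed behaviour the commit message describes. I would reword it to `// fail closed: anything other than 1 (including -1 on a db error) is untrusted`, and the same applies to the identical comment in the OBJ_TRUST hunk of get_obj_attr. The error is also dropped silently, so a denial caused by a failed query looks the same as a path that is simply absent from the trust database; logging the -1 case with whatever logging facility this file already uses would let an operator tell the two apart. The enclosing switch case of get_subj_attr starts outside the hunk.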
|
|
@@ -422,10 +428,15 @@ object_attr_t *get_obj_attr(event_t *e, object_type_t t)
|
|
case OBJ_TRUST: {
|
|
object_attr_t *path = get_obj_attr(e, PATH);
|
|
|
|
- if (path && path->o && check_trust_database(path->o,
|
|
- o->info, e->fd))
|
|
- obj.val = 1;
|
|
+ if (path && path->o) {
|
|
+ int res = check_trust_database(path->o, o->info, e->fd);
|
|
|
|
+ // ignore -1
|
|
+ if (res == 1)
|
|
+ obj.val = 1;
|
|
+ else
|
|
+ obj.val = 0;
|
|
+ }
|
|
}
|
|
break;
|
|
case FMODE:
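Review bot: The tri-state handling in OBJ_TRUST is a copy of the one added to get_subj_attr, so the rule that only a return of exactly 1 means trusted now lives in two places. Collapsing each site to a single assignment, `obj.val = (check_trust_database(path->o, o->info, e->fd) == 1);`, or routing both through one small static helper, would keep a later call site from reintroducing a truthiness test on a function that can return -1. Whether obj.val is already 0 before this case is not visible in the hunk, so the explicit assignment to 0 should be kept in some form. get_obj_attr's body starts and ends outside the hunk.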
|