shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Code

sd-bus: drop check for selinux before calling getsockopt(SO_PEERSEC)

Browse Source 
Quoting Lennart Poettering in
https://github.com/systemd/systemd/pull/6464#issuecomment-319029293:
> If the kernel allows us to query that data we should also be Ok with passing
> it on to our own caller, regardless if selinux is technically on or off...

The advantage is that this allows gcc to be smarter and reduce linkage:
(before)$ ldd build/libnss_systemd.so.2
	linux-vdso.so.1 (0x00007ffeb46ff000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f2f60da6000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f2f60ba1000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2f60978000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2f60759000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f2f60374000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f2f61294000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f2f600f0000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f2f5feec000)
(after )$ ldd build/libnss_systemd.so.2
	linux-vdso.so.1 (0x00007ffe5f543000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f427dcaa000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007f427daa5000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f427d886000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f427d4a1000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f427e196000)

Note that this only works in conjuction with the previous commit: either
of the two commits alone does not have the desired effect on linkage.

Replaces #6464.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-12-19 15:12:50 +01:00
parent de2e28d87d
commit db7d1dcae6
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libsystemd/sd-bus/bus-socket.c
View File

@ -608,11 +608,9 @@ static void bus_get_peercred(sd_bus *b) {
b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
/* Get the SELinux context of the peer */
if (mac_selinux_use()) {
r = getpeersec(b->input_fd, &b->label);
if (r < 0 && r != -EOPNOTSUPP)
log_debug_errno(r, "Failed to determine peer security context: %m");
}
r = getpeersec(b->input_fd, &b->label);
if (r < 0 && r != -EOPNOTSUPP)
log_debug_errno(r, "Failed to determine peer security context: %m");
}
static int bus_socket_start_auth_client(sd_bus *b) {