44
45
#include <signal.h>
45
46
#include <stdarg.h>
49
#endif /* HAVE_SELINUX */
47
50
#ifdef HAVE_LIBAUDIT
48
52
#include <libaudit.h>
49
53
#endif /* HAVE_LIBAUDIT */
50
#endif /* HAVE_SELINUX */
52
55
#define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid))
53
56
#define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid))
143
146
#ifdef HAVE_LIBAUDIT
144
147
if (audit_fd >= 0)
146
char buf[PATH_MAX*2];
149
capng_get_caps_process();
150
if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))
152
char buf[PATH_MAX*2];
148
/* FIXME: need to change this to show real user */
149
vsnprintf(buf, sizeof(buf), fmt, ap);
150
audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
154
/* FIXME: need to change this to show real user */
155
vsnprintf(buf, sizeof(buf), fmt, ap);
156
audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
154
161
#endif /* HAVE_LIBAUDIT */
1010
1017
#endif /* HAVE_SELINUX */
1020
/* The !HAVE_LIBAUDIT case lives in dbus-sysdeps-util-unix.c */
1021
#ifdef HAVE_LIBAUDIT
1023
* Changes the user and group the bus is running as.
1025
* @param user the user to become
1026
* @param error return location for errors
1027
* @returns #FALSE on failure
1030
_dbus_change_to_daemon_user (const char *user,
1037
_dbus_string_init_const (&u, user);
1039
if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
1041
dbus_set_error (error, DBUS_ERROR_FAILED,
1042
"User '%s' does not appear to exist?",
1047
/* If we were root */
1048
if (_dbus_geteuid () == 0)
1052
capng_clear (CAPNG_SELECT_BOTH);
1053
capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
1055
rc = capng_change_id (uid, gid, 0);
1060
dbus_set_error (error, DBUS_ERROR_FAILED,
1061
"Failed to drop capabilities: %s\n",
1062
_dbus_strerror (errno));
1065
dbus_set_error (error, _dbus_error_from_errno (errno),
1066
"Failed to set GID to %lu: %s", gid,
1067
_dbus_strerror (errno));
1070
_dbus_warn ("Failed to drop supplementary groups: %s\n",
1071
_dbus_strerror (errno));
1074
dbus_set_error (error, _dbus_error_from_errno (errno),
1075
"Failed to set UID to %lu: %s", uid,
1076
_dbus_strerror (errno));
1079
dbus_set_error (error, _dbus_error_from_errno (errno),
1080
"Failed to unset keep-capabilities: %s\n",
1081
_dbus_strerror (errno));
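Review bot: The `capng_change_id (uid, gid, 0)` call in `_dbus_change_to_daemon_user` passes no flags, so per libcap-ng's documented behaviour the supplementary group list inherited from the root start-up environment is left untouched after the switch to the daemon user. The "Failed to drop supplementary groups" branch further down therefore looks unreachable, and the daemon may keep group memberships it was meant to shed. Passing the flag makes the drop happen and gives that branch a purpose: `rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);`. The result of `capng_update (CAPNG_ADD, ...)` just above is also discarded, so a failure to retain `CAP_AUDIT_WRITE` would go unreported. Only part of the function and its handling of `rc` is visible here, so the mapping of return codes to messages could not be checked.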