access() uses real UID instead of effective UID which causes false negative checks in setuid programs.
Following patches remove redundant access checks (where the access check was followed by open, write,etc. call and the return value is checked), and replace necessary "access(, F_OK)" checks by "stats()" (e.g. in case where existence of a file determines if hll module compilation is necessary, or represents some setting - such as preserve_tunables). RHBZ #1186431 libsemanage/src/direct_api.c | 79 ++++++++++++++++++++++++++++++++++++------------------------------------------- libsemanage/src/semanage_store.c | 17 ++++++++--------- 2 files changed, 44 insertions(+), 52 deletions(-)
