On Mon, 06.10.14 13:21, Jan Synacek (jsyna...@redhat.com) wrote: Hmm with this change in place we'd have different behaviour for the cases where systemctl executes the operation client-side, and when it goes via the bus. We really should keep those differences in behaviour to a minimum.
I figure the verification for this really needs to be moved a few levels down, somewhere into unit_file_enable() and friends, so that all code paths behave the same. > https://bugzilla.redhat.com/show_bug.cgi?id=1149069 > --- > src/core/dbus-manager.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c > index 533ce43..c2d52b2 100644 > --- a/src/core/dbus-manager.c > +++ b/src/core/dbus-manager.c > @@ -1588,18 +1588,23 @@ static int method_enable_unit_files_generic( > if (r < 0) > return r; > > -#ifdef HAVE_SELINUX > STRV_FOREACH(i, l) { > Unit *u; > > u = manager_get_unit(m, *i); > if (u) { > +#ifdef HAVE_SELINUX > r = selinux_unit_access_check(u, message, verb, > error); > if (r < 0) > return r; > +#endif > + if (u->load_state == UNIT_MASKED) { > + sd_bus_error_setf(error, > BUS_ERROR_UNIT_MASKED, > + "Unit %s is masked.", > u->id); > + return -EADDRNOTAVAIL; > + } > } > } > -#endif > > scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : > UNIT_FILE_USER; > > -- > 1.9.3 > > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
