On Thu, 16.04.15 19:30, Lennart Poettering (lenn...@poettering.net) wrote:

> I will grant you though that it is confusing that we use
> SD_BUS_CREDS_AUGMENT here like this, and implicitly rely on that the
> selinux label is not a field that is being augmented. We should make
> this explicit, absolutely. I'll now add some code that will make this
> assumption explicit and fails early if the selinux label happens to be
> augmented. Of course in real-life this is impossible to trigger, but
> it certainly helps understanding the code.

I now added some code for this, that explicitly verifies that we
don't base authorization decisions on augmented creds. As mentioned,
this is only a safety net, as this cannot really happen anyway, but
let's better be safer than sorry, and let's document our assumption
this way explicitly in the code.

Lennart

-- 
Lennart Poettering, Red Hat