mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-24 15:02:44 +00:00
252925ccdf
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955940 states: dbus-glib is a deprecated D-Bus library with some significant design flaws, and is essentially unmaintained. restorecond uses dbus-glib in order to spawn as a D-Bus service on the session bus of users. This makes restorecond stays so long as the user session exists. Migrate from dbus-glib to GDbus API for the implementation of this feature. Moreover restorecond currently uses a D-Bus signal to trigger starting the service. This is quite inappropriate, as stated for example in https://dbus.freedesktop.org/doc/dbus-tutorial.html#members Methods are operations that can be invoked on an object, with optional input (aka arguments or "in parameters") and output (aka return values or "out parameters"). Signals are broadcasts from the object to any interested observers of the object; signals may contain a data payload. Implementing a method is more appropriate. It appears that all D-Bus users can implement method Ping from interface org.freedesktop.DBus.Peer (https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-peer) and that calling this method is enough to trigger the launch of the service. This can be tested in a shell by running: gdbus call --session --dest=org.selinux.Restorecond \ --object-path=/ --method=org.freedesktop.DBus.Peer.Ping As this method is automatically provided, there is no need to implement its handling in the service. Fixed: https://github.com/SELinuxProject/selinux/issues/217 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> |
||
---|---|---|
.circleci | ||
checkpolicy | ||
dbus | ||
gui | ||
libselinux | ||
libsemanage | ||
libsepol | ||
mcstrans | ||
policycoreutils | ||
python | ||
restorecond | ||
sandbox | ||
scripts | ||
secilc | ||
semodule-utils | ||
.gitignore | ||
.travis.yml | ||
CleanSpec.mk | ||
CONTRIBUTING.md | ||
lgtm.yml | ||
Makefile | ||
README |
Please submit all bug reports and patches to selinux@vger.kernel.org. Subscribe by sending "subscribe selinux" in the body of an email to majordomo@vger.kernel.org. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python3-devel python3-setools swig xmlto redhat-rpm-config To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces. To install libsepol on macOS (mainly for policy analysis): cd libsepol; make PREFIX=/usr/local install This requires GNU coreutils (brew install coreutils).