Go to file
Nicolas Iooss 252925ccdf
restorecond: migrate to GDbus API provided by glib-gio
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955940 states:

    dbus-glib is a deprecated D-Bus library with some significant design
    flaws, and is essentially unmaintained.

restorecond uses dbus-glib in order to spawn as a D-Bus service on the
session bus of users. This makes restorecond stays so long as the user
session exists.

Migrate from dbus-glib to GDbus API for the implementation of this
feature.

Moreover restorecond currently uses a D-Bus signal to trigger starting
the service. This is quite inappropriate, as stated for example in
https://dbus.freedesktop.org/doc/dbus-tutorial.html#members

    Methods are operations that can be invoked on an object, with
    optional input (aka arguments or "in parameters") and output (aka
    return values or "out parameters"). Signals are broadcasts from the
    object to any interested observers of the object; signals may
    contain a data payload.

Implementing a method is more appropriate. It appears that all D-Bus
users can implement method Ping from interface org.freedesktop.DBus.Peer
(https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-peer)
and that calling this method is enough to trigger the launch of the
service. This can be tested in a shell by running:

    gdbus call --session --dest=org.selinux.Restorecond \
        --object-path=/ --method=org.freedesktop.DBus.Peer.Ping

As this method is automatically provided, there is no need to implement
its handling in the service.

Fixed: https://github.com/SELinuxProject/selinux/issues/217

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-04-26 15:14:03 +02:00
.circleci CircleCI: run scan-build and publish its results automatically 2019-09-26 09:45:47 -04:00
checkpolicy checkpolicy: add missing forward declaration 2020-03-25 09:54:21 -05:00
dbus Update VERSIONs to 3.0 for release. 2019-11-28 13:46:48 +01:00
gui Update VERSIONs to 3.0 for release. 2019-11-28 13:46:48 +01:00
libselinux libselinux,libsemanage: remove double blank lines 2020-04-22 16:40:34 -05:00
libsemanage libselinux,libsemanage: remove double blank lines 2020-04-22 16:40:34 -05:00
libsepol cil: re-enable DISABLE_SYMVER define 2020-03-27 09:27:04 -05:00
mcstrans tree-wide: replace last occurrences of security_context_t 2020-03-25 09:54:21 -05:00
policycoreutils setfiles: Add -E option to treat conflicting specifications as errors. 2020-04-14 18:22:25 +02:00
python python/semanage: check rc after getting it 2020-04-22 16:40:34 -05:00
restorecond restorecond: migrate to GDbus API provided by glib-gio 2020-04-26 15:14:03 +02:00
sandbox tree-wide: replace last occurrences of security_context_t 2020-03-25 09:54:21 -05:00
scripts libsepol, libsemanage: add a macro to silence static analyzer warnings in tests 2019-09-30 08:43:41 -04:00
secilc secilc: add basic test for policy optimization 2020-03-18 13:56:34 -04:00
semodule-utils Update VERSIONs to 3.0 for release. 2019-11-28 13:46:48 +01:00
.gitignore restorecond: Add gitignore 2016-11-16 11:20:05 -05:00
.travis.yml Travis-CI: test that DEBUG build works 2020-02-07 16:29:04 -05:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
CONTRIBUTING.md Fix many misspellings 2019-09-18 22:47:35 +02:00
lgtm.yml Add configuration file for lgtm.com 2019-09-18 08:24:11 -04:00
Makefile Makefile: always build with -fno-common 2020-01-27 10:51:23 -05:00
README README: Update Fedora python 3 dependencies 2019-02-20 16:43:27 +01:00

Please submit all bug reports and patches to selinux@vger.kernel.org.
Subscribe by sending "subscribe selinux" in the body of an email
to majordomo@vger.kernel.org.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python3-devel python3-setools swig xmlto redhat-rpm-config

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.

To install libsepol on macOS (mainly for policy analysis):
cd libsepol; make PREFIX=/usr/local install

This requires GNU coreutils (brew install coreutils).