From 1c61877e39e19b9f8d4abf8c15df46d261adf217 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 28 Mar 2011 13:58:23 +0100 Subject: [PATCH 2/2] bus_context_check_security_policy: don't syslog SELinux denials, just share the code This partially reverts the effect of commit 8930ff209. Colin pointed out that selinux.c logs denials itself. --- bus/bus.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index 166fb09..6b0dc08 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -1469,11 +1469,12 @@ bus_context_check_security_policy (BusContext *context, { if (error != NULL && !dbus_error_is_set (error)) { + /* don't syslog this, just set the error: avc_has_perm should + * have already written to either the audit log or syslog */ complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender from sending this " "message to this recipient", - 0, message, sender, proposed_recipient, FALSE, - (addressed_recipient == proposed_recipient), error); + 0, message, sender, proposed_recipient, FALSE, FALSE, error); _dbus_verbose ("SELinux security check denying send to service\n"); } -- 1.7.4.1