diff options
author | Roshan Pius <rpius@chromium.org> | 2015-01-07 09:38:11 -0800 |
---|---|---|
committer | Aleksander Morgado <aleksander@aleksander.es> | 2015-01-09 13:13:31 +0100 |
commit | 8ddd37c2ac674b65fe3e223c61c5a100646abbc2 (patch) | |
tree | d98bae46a731baa6b5afbaf0cd0ad42eef764c4e /src | |
parent | 4c4b16d3f94940c2b631e7d614b0fe71083b8450 (diff) |
libqmi-glib,utils: avoid getpwnam() call if --enable-qmi-username not used
If --enable-qmi-username isn't explicitly used, we should just check
for the root user UID, without using getpwnam(). See e.g. these SELinux warnings:
SELinux is preventing /usr/bin/bash from read access on the file /etc/passwd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed read access on the passwd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep qmi-proxy /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Diffstat (limited to 'src')
-rw-r--r-- | src/libqmi-glib/qmi-utils.c | 9 | ||||
-rw-r--r-- | src/qmi-proxy/Makefile.am | 2 |
2 files changed, 10 insertions, 1 deletions
diff --git a/src/libqmi-glib/qmi-utils.c b/src/libqmi-glib/qmi-utils.c index 11f1d90..60100b6 100644 --- a/src/libqmi-glib/qmi-utils.c +++ b/src/libqmi-glib/qmi-utils.c @@ -81,6 +81,14 @@ gboolean __qmi_user_allowed (uid_t uid, GError **error) { +#ifndef QMI_USERNAME_ENABLED + if (uid == 0) + return TRUE; +#else +# ifndef QMI_USERNAME +# error QMI username not defined +# endif + struct passwd *expected_usr = NULL; expected_usr = getpwnam (QMI_USERNAME); @@ -99,6 +107,7 @@ __qmi_user_allowed (uid_t uid, if (uid == expected_usr->pw_uid) return TRUE; +#endif g_set_error (error, QMI_CORE_ERROR, diff --git a/src/qmi-proxy/Makefile.am b/src/qmi-proxy/Makefile.am index 34c6db0..4bbfd6d 100644 --- a/src/qmi-proxy/Makefile.am +++ b/src/qmi-proxy/Makefile.am @@ -16,7 +16,7 @@ qmi_proxy_LDADD = \ $(top_builddir)/src/libqmi-glib/libqmi-glib.la #Install udev rules only if configured with --enable-qmi-username -if INSTALL_QMI_UDEV_RULES +if QMI_USERNAME_ENABLED udevrulesdir = $(UDEV_BASE_DIR)/rules.d udevrules_DATA = 76-qmi-proxy-device-ownership.rules endif |