author | Aleksander Morgado <aleksander@aleksander.es> | 2014-12-30 13:50:16 +0100 |
---|---|---|
committer | Aleksander Morgado <aleksander@aleksander.es> | 2015-01-09 13:07:00 +0100 |
commit | 5ad9573a05abd86595e08063bad94915cf104766 (patch) | |
tree | eed494879024e73b89fd468e021d59caa3c35683 | |
parent | 967a815344dc05ec7c8e6ec2fb1ca2b853074a03 (diff) | |
libmbim-glib,utils: avoid getpwnam() call if --enable-mbim-username not used
If --enable-mbim-username isn't explicitly used, we should just check for the
root user UID, without using getpwnam(). See e.g. these SELinux warnings:
SELinux is preventing /usr/bin/bash from read access on the file /etc/passwd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed read access on the passwd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep mbim-proxy /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
-rw-r--r-- | configure.ac | 20 | ||||
-rw-r--r-- | src/libmbim-glib/mbim-utils.c | 9 | ||||
-rw-r--r-- | src/mbim-proxy/Makefile.am | 2 |
3 files changed, 24 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac index 13a0c38..c46ccd4 100644 --- a/configure.ac +++ b/configure.ac @@ -97,17 +97,20 @@ dnl Documentation GTK_DOC_CHECK(1.0) # MBIM username +MBIM_USERNAME="root" AC_ARG_ENABLE(mbim-username, AS_HELP_STRING([--enable-mbim-username=<username>], [user allowed to access MBIM devices])) if test -n "$enable_mbim_username" ; then + MBIM_USERNAME_ENABLED=yes + AC_DEFINE(MBIM_USERNAME_ENABLED, 1, [Define if we enable MBIM username]) MBIM_USERNAME="$enable_mbim_username" + AC_SUBST(MBIM_USERNAME) + AC_DEFINE_UNQUOTED(MBIM_USERNAME, "$MBIM_USERNAME", [Define the MBIM username]) else - MBIM_USERNAME="root" + MBIM_USERNAME_ENABLED=no fi -AM_CONDITIONAL([INSTALL_MBIM_UDEV_RULES], [test "x$enable_mbim_username" = "x$MBIM_USERNAME"]) -AC_SUBST(MBIM_USERNAME) -AC_DEFINE_UNQUOTED(MBIM_USERNAME, "$MBIM_USERNAME", [Define the MBIM username]) -AM_COND_IF([INSTALL_MBIM_UDEV_RULES], [AC_CONFIG_FILES([src/mbim-proxy/76-mbim-proxy-device-ownership.rules])]) + +AM_CONDITIONAL([MBIM_USERNAME_ENABLED], [test "x$MBIM_USERNAME_ENABLED" = "xyes"]) # udev base directory AC_ARG_WITH(udev-base-dir, AS_HELP_STRING([--with-udev-base-dir=DIR], [where udev base directory is])) @@ -142,6 +145,11 @@ AC_CONFIG_FILES([Makefile docs/reference/libmbim-glib/Makefile docs/reference/libmbim-glib/version.xml docs/man/Makefile]) + +if test "x$MBIM_USERNAME_ENABLED" = "xyes"; then + AC_CONFIG_FILES([src/mbim-proxy/76-mbim-proxy-device-ownership.rules]) +fi + AC_OUTPUT echo " @@ -153,5 +161,5 @@ echo " Maintainer mode: ${USE_MAINTAINER_MODE} udev base directory: ${UDEV_BASE_DIR} Documentation: ${enable_gtk_doc} - MBIM username: ${MBIM_USERNAME} + MBIM username: ${MBIM_USERNAME_ENABLED} (${MBIM_USERNAME}) " diff --git a/src/libmbim-glib/mbim-utils.c b/src/libmbim-glib/mbim-utils.c index f5a766b..2b89f7c 100644 --- a/src/libmbim-glib/mbim-utils.c +++ b/src/libmbim-glib/mbim-utils.c 
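Review bot: In the first configure.ac hunk, the guard `if test -n "$enable_mbim_username"` also passes for `--disable-mbim-username` (autoconf sets the variable to `no`) and for a bare `--enable-mbim-username` (value `yes`). With this change those invocations define MBIM_USERNAME_ENABLED and make `no` or `yes` the account name compiled into the library and, presumably, substituted into the generated udev ownership rule. Because this test now selects which access-control policy is built, it should reject both values: add `if test "x$enable_mbim_username" = "xyes"; then AC_MSG_ERROR([--enable-mbim-username requires a user name]); fi` ahead of it and change the guard to `if test -n "$enable_mbim_username" && test "x$enable_mbim_username" != "xno"; then`. The same condition existed before the commit, but it only chose a user name then, not the code path.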
@@ -79,6 +79,14 @@ gboolean __mbim_user_allowed (uid_t uid, GError **error) { +#ifndef MBIM_USERNAME_ENABLED + if (uid == 0) + return TRUE; +#else +# ifndef MBIM_USERNAME +# error MBIM username not defined +# endif + struct passwd *expected_usr = NULL; expected_usr = getpwnam (MBIM_USERNAME); @@ -97,6 +105,7 @@ __mbim_user_allowed (uid_t uid, if (uid == expected_usr->pw_uid) return TRUE; +#endif g_set_error (error, MBIM_CORE_ERROR, diff --git a/src/mbim-proxy/Makefile.am b/src/mbim-proxy/Makefile.am index 1558fe5..33425e0 100644 --- a/src/mbim-proxy/Makefile.am +++ b/src/mbim-proxy/Makefile.am @@ -16,7 +16,7 @@ mbim_proxy_LDADD = \ $(top_builddir)/src/libmbim-glib/libmbim-glib.la #Install udev rules only if configured with --enable-mbim-username -if INSTALL_MBIM_UDEV_RULES +if MBIM_USERNAME_ENABLED udevrulesdir = $(UDEV_BASE_DIR)/rules.d udevrules_DATA = 76-mbim-proxy-device-ownership.rules endif |
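Review bot: `__mbim_user_allowed()` in src/libmbim-glib/mbim-utils.c now carries two different authorization policies selected at configure time, and nothing in the function says so. Without MBIM_USERNAME_ENABLED only uid 0 is accepted, while the `#else` branch compares against the uid that `getpwnam (MBIM_USERNAME)` returns. A comment above the `#ifndef` would make the policy explicit, e.g. `/* Default build: only root (uid 0) is allowed. With --enable-mbim-username: only the uid of MBIM_USERNAME, resolved through getpwnam(). */`. Whether root is still accepted in the username build cannot be told from here, because the lines between this hunk and the next, and the rest of the function, are outside the diff; if it is not, the same comment should say so.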