On Thu, Jul 16, 2020 at 11:28 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Thu, Jul 16, 2020 at 11:12 AM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: <snip> > > > > That version of dbus did not call avc_netlink_acquire_fd(). It only > > calls avc_init() with a thread callback, > > with the expectation that avc_init() will create the thread (as it did > > prior to your patch). So you can't move that part. > > Not sure what happens if you leave it there. > > Oh, I see - you'd need to ensure that the netlink socket is created > first, or change the thread function to call > selinux_status_updated() instead of checking netlink. I guess the > question is what is the actual behavior required. > dbus doesn't care so much whether we are using netlink here but only > that the thread gets created, checks whether > there is a notification, and calls a callback if so. So it seems that > you could just change avc_init to call selinux_status_open(1), > then if avc_using_threads, create a thread with a function that just > loops on selinux_status_updated() calls. No need to > call an avc_netlink_* function at all (except in the fallback case > inside of sestatus.c). Does that make sense? Yeah, that all makes sense. I'll test it out and hopefully post a new patch later today. Thanks again. -- Mike Palmiotto https://crunchydata.com
