dbus: check selinux privilege before returning process list

We protect less interetsing stuff with selinux "status", let's do that
here too.

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 60e889e1effd8fc7000d9c90c8590b8522da9987..f1306a023f58193954debd2f429046d3dd13bd5e 100644 (file)
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1006,6 +1006,10 @@ int bus_unit_method_get_processes(sd_bus_message *message, void *userdata, sd_bu
 
         assert(message);
 
+        r = mac_selinux_unit_access_check(u, message, "status", error);
+        if (r < 0)
+                return r;
+
         pids = set_new(NULL);
         if (!pids)
                 return -ENOMEM;