If $DISPLAY is not set and --display is not used, aa-notify prints a
warning that notifications won't be shown (exact warning text depends if
using sudo or not).
Acked-by: John Johansen <john.johansen@canonical.com>
- set HOME (and DISPLAY) only once on startup to avoid NSS lookups
Acked-by: Jamie Strandboge <jamie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <opensuse@cboltz.de>
openSUSE, which results in non-working desktop notifications in aa-notify
because $notify_exe is unable to connect to DBUS to display the message.
This patch sets the correct value for $HOME.
The code for setting $DISPLAY is still under discussion, therefore only
a TODO note is included in this commit for $DISPLAY.
Acked-By: John Johansen <john.johansen@canonical.com>
aa-notify would abort if it could not stat the logfile, as can happen
when using auditd and the directory perms for the logfile do not allow access
(x). Add raise_privileges() and drop_privileges() helper functions and adjust
get_logfile_size() and get_logfile_inode() to raise then drop privileges if the
logfile parent directory is not executable. Also adjust reopen_logfile() to use
these helpers.
When error checking, use '$> == ...' instead of '$> = ... or die...' since perl
always dies when raising privs in this manner even though the euid did change
(and $!, $@, $^E, and $? are all the same). Not sure why this is happening but
the '==' check should be sufficient.
- drop supplemental group privileges too. While POSIX::setgid() works nice in
that it will set both the real uid and euid, it doesn't do anything with the
supplemental groups (sigh). Instead, assign to $( and $) in a manner that
clears the supplemental groups.
of a mix of symlinks to non-prefixed comands, and "apparmor_" prefixed
commands.
This also refactors the manpage generation slightly since we no longer
need special cases for the manpages, and drops aa-eventd from the default
list of tools to install (it also lacks a manpage).
