From 5e8c96ebface66bb6bb111f7a23a7d00ea9d754c Mon Sep 17 00:00:00 2001
From: Steve Grubb
Date: Thu, 30 Nov 2006 21:52:48 +0000
Subject: [PATCH] - Fix SELinux context on home directories created with useradd (#217441)
---
 shadow-4.0.17-useradd.patch | 46 +++++++++++++++++++++++++++++++++++++
 shadow-utils.spec | 7 +++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 shadow-4.0.17-useradd.patch
diff --git a/shadow-4.0.17-useradd.patch b/shadow-4.0.17-useradd.patch
new file mode 100644
index 0000000..75f480c
--- /dev/null
+++ b/shadow-4.0.17-useradd.patch
@@ -0,0 +1,46 @@
+diff -rup shadow-4.0.17-orig/src/useradd.c shadow-4.0.17/src/useradd.c
+--- shadow-4.0.17-orig/src/useradd.c 2006-11-29 18:31:43.000000000 -0500
++++ shadow-4.0.17/src/useradd.c 2006-11-29 21:38:22.000000000 -0500
+@@ -45,6 +45,9 @@
+ #include
+ #include
+ #include
++#ifdef WITH_SELINUX
++#include
++#endif
+ #include "chkname.h"
+ #include "defines.h"
+ #include "faillog.h"
+@@ -1612,6 +1615,9 @@ static void usr_update (void)
+ */
+ static void create_home (void)
+ {
++ mode_t mode = 0;
++
++ mode = 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK);
+ if (access (user_home, F_OK)) {
+ /* XXX - create missing parent directories. --marekm */
+ if (mkdir (user_home, 0)) {
+@@ -1625,9 +1631,19 @@ static void create_home (void)
+ #endif
+ fail_exit (E_HOMEDIR);
+ }
++#ifdef WITH_SELINUX
++ {
++ security_context_t con = NULL;
++
++ if (!matchpathcon(user_home, mode, &con))
++ {
++ setfilecon(user_home, con);
++ freecon(con);
++ }
++ }
++#endif
+ chown (user_home, user_id, user_gid);
+- chmod (user_home,
+- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
++ chmod (user_home, mode);
+ home_added++;
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+Only in shadow-4.0.17/src: useradd.c.useradd
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 80230d9..e64ef16 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
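Review bot: In the third hunk of the embedded useradd.c patch, the result of `setfilecon(user_home, con)` is discarded and a failing `matchpathcon` is skipped silently, so useradd can report success while the new home directory keeps whatever label it received at `mkdir`. Checking the call, for example `if (setfilecon (user_home, con) < 0) perror ("setfilecon");`, would at least surface the mislabel to the administrator. `mode` holds only permission bits at that point, which as far as I know turns off file-type matching in `matchpathcon`; passing `S_IFDIR | mode` would restrict the lookup to directory entries. The body of create_home begins and ends outside the visible hunks, so any handling further down is not visible here.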
@@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files. Name: shadow-utils Version: 4.0.18.1 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 2 URL: http://shadow.pld.org.pl/ Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 @@ -23,6 +23,7 @@ Patch7: shadow-4.0.17-exitValues.patch Patch8: shadow-4.0.17-auditLogging.patch Patch9: shadow-4.0.18.1-gid.patch Patch10: shadow-4.0.18.1-overflow.patch +Patch11: shadow-4.0.17-useradd.patch License: BSD Group: System Environment/Base @@ -63,6 +64,7 @@ cp %{SOURCE3} lib/nscd.c %patch8 -p1 -b .auditLogging %patch9 -p1 -b .gid %patch10 -p1 -b .overflow +%patch11 -p1 -b .useradd rm po/*.gmo rm po/stamp-po @@ -217,6 +219,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/man8/faillog.8* %changelog +* Thu Nov 30 2006 Steve Grubb 2:4.0.18.1-5 +- Fix SELinux context on home directories created with useradd (#217441) + * Tue Nov 14 2006 Peter Vrabec 2:4.0.18.1-4 - fix chpasswd and chgpasswd stack overflow (#213052)