129 lines
4.3 KiB
Diff
129 lines
4.3 KiB
Diff
diff -up shadow-4.5/lib/commonio.c.orig-context shadow-4.5/lib/commonio.c
|
|
--- shadow-4.5/lib/commonio.c.orig-context 2017-05-17 21:19:44.000000000 +0200
|
|
+++ shadow-4.5/lib/commonio.c 2017-07-20 16:47:41.102186239 +0200
|
|
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
|
|
snprintf (buf, sizeof buf, "%s-", db->filename);
|
|
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (buf) != 0) {
|
|
+ if (set_selinux_file_context (buf, db->filename) != 0) {
|
|
errors++;
|
|
}
|
|
#endif
|
|
@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db *
|
|
snprintf (buf, sizeof buf, "%s+", db->filename);
|
|
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (buf) != 0) {
|
|
+ if (set_selinux_file_context (buf, db->filename) != 0) {
|
|
errors++;
|
|
}
|
|
#endif
|
|
diff -up shadow-4.5/libmisc/copydir.c.orig-context shadow-4.5/libmisc/copydir.c
|
|
--- shadow-4.5/libmisc/copydir.c.orig-context 2014-09-01 16:36:40.000000000 +0200
|
|
+++ shadow-4.5/libmisc/copydir.c 2017-07-20 16:47:41.102186239 +0200
|
|
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
|
*/
|
|
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (dst) != 0) {
|
|
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
return -1;
|
|
}
|
|
#endif /* WITH_SELINUX */
|
|
@@ -605,7 +605,7 @@ static int copy_symlink (const char *src
|
|
}
|
|
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (dst) != 0) {
|
|
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
free (oldlink);
|
|
return -1;
|
|
}
|
|
@@ -684,7 +684,7 @@ static int copy_special (const char *src
|
|
int err = 0;
|
|
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (dst) != 0) {
|
|
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
return -1;
|
|
}
|
|
#endif /* WITH_SELINUX */
|
|
@@ -744,7 +744,7 @@ static int copy_file (const char *src, c
|
|
return -1;
|
|
}
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (dst) != 0) {
|
|
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
return -1;
|
|
}
|
|
#endif /* WITH_SELINUX */
|
|
diff -up shadow-4.5/lib/prototypes.h.orig-context shadow-4.5/lib/prototypes.h
|
|
--- shadow-4.5/lib/prototypes.h.orig-context 2017-05-17 21:19:44.000000000 +0200
|
|
+++ shadow-4.5/lib/prototypes.h 2017-07-20 16:47:41.102186239 +0200
|
|
@@ -311,7 +311,7 @@ extern /*@observer@*/const char *crypt_m
|
|
|
|
/* selinux.c */
|
|
#ifdef WITH_SELINUX
|
|
-extern int set_selinux_file_context (const char *dst_name);
|
|
+extern int set_selinux_file_context (const char *dst_name, const char *orig_name);
|
|
extern int reset_selinux_file_context (void);
|
|
#endif
|
|
|
|
diff -up shadow-4.5/lib/selinux.c.orig-context shadow-4.5/lib/selinux.c
|
|
--- shadow-4.5/lib/selinux.c.orig-context 2014-09-01 16:36:40.000000000 +0200
|
|
+++ shadow-4.5/lib/selinux.c 2017-07-20 16:47:41.102186239 +0200
|
|
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
|
* Callers may have to Reset SELinux to create files with default
|
|
* contexts with reset_selinux_file_context
|
|
*/
|
|
-int set_selinux_file_context (const char *dst_name)
|
|
+int set_selinux_file_context (const char *dst_name, const char *orig_name)
|
|
{
|
|
/*@null@*/security_context_t scontext = NULL;
|
|
|
|
@@ -62,19 +62,23 @@ int set_selinux_file_context (const char
|
|
if (selinux_enabled) {
|
|
/* Get the default security context for this file */
|
|
if (matchpathcon (dst_name, 0, &scontext) < 0) {
|
|
- if (security_getenforce () != 0) {
|
|
- return 1;
|
|
- }
|
|
+ /* We could not get the default, copy the original */
|
|
+ if (orig_name == NULL)
|
|
+ goto error;
|
|
+ if (getfilecon (orig_name, &scontext) < 0)
|
|
+ goto error;
|
|
}
|
|
/* Set the security context for the next created file */
|
|
- if (setfscreatecon (scontext) < 0) {
|
|
- if (security_getenforce () != 0) {
|
|
- return 1;
|
|
- }
|
|
- }
|
|
+ if (setfscreatecon (scontext) < 0)
|
|
+ goto error;
|
|
freecon (scontext);
|
|
}
|
|
return 0;
|
|
+ error:
|
|
+ if (security_getenforce () != 0) {
|
|
+ return 1;
|
|
+ }
|
|
+ return 0;
|
|
}
|
|
|
|
/*
|
|
diff -up shadow-4.5/src/useradd.c.orig-context shadow-4.5/src/useradd.c
|
|
--- shadow-4.5/src/useradd.c.orig-context 2017-07-20 16:47:41.102186239 +0200
|
|
+++ shadow-4.5/src/useradd.c 2017-07-20 16:50:28.226198387 +0200
|
|
@@ -1945,7 +1945,7 @@ static void create_home (void)
|
|
{
|
|
if (access (user_home, F_OK) != 0) {
|
|
#ifdef WITH_SELINUX
|
|
- if (set_selinux_file_context (user_home) != 0) {
|
|
+ if (set_selinux_file_context (user_home, NULL) != 0) {
|
|
fprintf (stderr,
|
|
_("%s: cannot set SELinux context for home directory %s\n"),
|
|
Prog, user_home);
|