69 lines
2.2 KiB
Diff
69 lines
2.2 KiB
Diff
From 47987b0af3b1898a0ed5a772dbc4438b59fba8c8 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Fri, 10 Apr 2015 11:06:44 +0200
|
|
Subject: [PATCH 4/5] selinux: Begin and end the transaction on the same
|
|
nesting level
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Transaction should be started and commited on the same code nesting or
|
|
abstraction level. Also, transactions are really costly with libselinux
|
|
and splitting them from initialization will make init function reusable
|
|
by read-only libsemanage functions.
|
|
|
|
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
(cherry picked from commit 748b38a7991d78cbf4726f2a14ace5e926629a54)
|
|
---
|
|
src/util/sss_semanage.c | 20 ++++++++++++++------
|
|
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
|
|
index d141de1c671e6d62a731e56b10ee14069f27ae87..c0342498cbd0495733a0bf701a06a02cfb705fc7 100644
|
|
--- a/src/util/sss_semanage.c
|
|
+++ b/src/util/sss_semanage.c
|
|
@@ -109,12 +109,6 @@ static semanage_handle_t *sss_semanage_init(void)
|
|
goto fail;
|
|
}
|
|
|
|
- ret = semanage_begin_transaction(handle);
|
|
- if (ret != 0) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
|
|
- goto fail;
|
|
- }
|
|
-
|
|
return handle;
|
|
fail:
|
|
sss_semanage_close(handle);
|
|
@@ -243,6 +237,13 @@ int set_seuser(const char *login_name, const char *seuser_name,
|
|
goto done;
|
|
}
|
|
|
|
+ ret = semanage_begin_transaction(handle);
|
|
+ if (ret != 0) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
|
|
+ ret = EIO;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
ret = semanage_seuser_key_create(handle, login_name, &key);
|
|
if (ret != 0) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
|
|
@@ -303,6 +304,13 @@ int del_seuser(const char *login_name)
|
|
goto done;
|
|
}
|
|
|
|
+ ret = semanage_begin_transaction(handle);
|
|
+ if (ret != 0) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
|
|
+ ret = EIO;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
ret = semanage_seuser_key_create(handle, login_name, &key);
|
|
if (ret != 0) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
|
|
--
|
|
2.3.5
|
|
|