sssd/0019-selinux-Begin-and-end-the-transaction-on-the-same-ne.patch
Lukas Slebodnik c4cf951d60 Fix slow login with ipa and SELinux
- Resolves: upstream #2624 - Only set the selinux context if the context
                             differs from the local one
2015-04-15 14:17:32 +02:00


From 342165ced656d64ec78bdb6f8897e15666cc08d2 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 10 Apr 2015 11:06:44 +0200
Subject: [PATCH 19/20] selinux: Begin and end the transaction on the same
nesting level
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Transaction should be started and committed on the same code nesting or
abstraction level. Also, transactions are really costly with libselinux
and splitting them from initialization will make init function reusable
by read-only libsemanage functions.
Reviewed-by: Michal Židek <mzidek@redhat.com>
---
src/util/sss_semanage.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index d141de1c671e6d62a731e56b10ee14069f27ae87..c0342498cbd0495733a0bf701a06a02cfb705fc7 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -109,12 +109,6 @@ static semanage_handle_t *sss_semanage_init(void)
goto fail;
}
- ret = semanage_begin_transaction(handle);
- if (ret != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
- goto fail;
- }
-
return handle;
fail:
sss_semanage_close(handle);
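Review bot: With the semanage_begin_transaction() call removed from sss_semanage_init(), the function now returns a handle with no transaction open, but nothing in this hunk documents that changed contract. Add a comment above sss_semanage_init() stating that callers which modify the store must begin the transaction themselves, and confirm that every caller that later commits has been updated; this patch only shows set_seuser() and del_seuser() gaining the call.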
@@ -243,6 +237,13 @@ int set_seuser(const char *login_name, const char *seuser_name,
goto done;
}
+ ret = semanage_begin_transaction(handle);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
+ ret = EIO;
+ goto done;
+ }
+
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
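Review bot: In the new failure branch in set_seuser(), the value returned by semanage_begin_transaction() is never logged and is then replaced by ret = EIO, so the libsemanage error code is lost when diagnosing a failed login. Consider including it in the message before mapping it, for example DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction [%d]\n", ret);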
@@ -303,6 +304,13 @@ int del_seuser(const char *login_name)
goto done;
}
+ ret = semanage_begin_transaction(handle);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
+ ret = EIO;
+ goto done;
+ }
+
ret = semanage_seuser_key_create(handle, login_name, &key);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
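Review bot: The begin-transaction block added to del_seuser() is a line-for-line copy of the one added to set_seuser(), including the EIO mapping and the debug text. A small static helper that wraps semanage_begin_transaction(), logs the failure and returns EIO would keep the two callers consistent if the error handling changes later.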
--
2.3.5