rpms / authselect

Clone
Source Code
GIT

Blame SOURCES/0037-lib-make-selinux-functions-work-with-selinux-disable.patch

c8 c8-beta c8s c9 c9-beta
  1.   1756dcfa6414e43b9fe5d33f90f41d18fbba20a7
  2.   SOURCES
  3.   0037-lib-make-selinux-functions-work-with-selinux-disable.patch
Blob History Raw
1756dc 
From 29add823913b66e0637d27d962ad5c5f9c85de70 Mon Sep 17 00:00:00 2001
1756dc 
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
1756dc 
Date: Mon, 28 Jan 2019 12:13:54 +0100
1756dc 
Subject: [PATCH] lib: make selinux functions work with selinux disabled
1756dc
1756dc 
Resolves:
1756dc 
https://github.com/pbrezina/authselect/issues/133
1756dc 
---
1756dc 
 src/lib/util/file.c     | 38 +++++++++++++++++++++++++++++++++
1756dc 
 src/lib/util/file.h     | 13 +++++++++++-
1756dc 
 src/lib/util/selinux.c  | 47 ++++++++++++++++-------------------------
1756dc 
 src/lib/util/selinux.h  |  8 ++++---
1756dc 
 src/lib/util/template.c | 23 ++++++--------------
1756dc 
 5 files changed, 79 insertions(+), 50 deletions(-)
1756dc
1756dc 
diff --git a/src/lib/util/file.c b/src/lib/util/file.c
1756dc 
index fa231f771a7d0cdd449b69c4bf7b00d93aefc375..2e23ce39ec04e6aaf79f16410f9ac08dc3f9d54c 100644
1756dc 
--- a/src/lib/util/file.c
1756dc 
+++ b/src/lib/util/file.c
1756dc 
@@ -329,3 +329,41 @@ file_make_path(const char *path, mode_t mode)
1756dc 
     return EOK;
1756dc
1756dc 
 }
1756dc 
+
1756dc 
+errno_t
1756dc 
+file_mktmp_for(const char *path, mode_t mode, char **_tmpfile)
1756dc 
+{
1756dc 
+    mode_t oldmask;
1756dc 
+    char *tmpfile;
1756dc 
+    errno_t ret;
1756dc 
+    int fd;
1756dc 
+
1756dc 
+    oldmask = umask(mode);
1756dc 
+
1756dc 
+    tmpfile = format("%s.XXXXXX", path);
1756dc 
+    if (tmpfile == NULL) {
1756dc 
+        ret = ENOMEM;
1756dc 
+        goto done;
1756dc 
+    }
1756dc 
+
1756dc 
+    fd = mkstemp(tmpfile);
1756dc 
+    if (fd == -1) {
1756dc 
+        ret = errno;
1756dc 
+        goto done;
1756dc 
+    }
1756dc 
+
1756dc 
+    close(fd);
1756dc 
+
1756dc 
+    *_tmpfile = tmpfile;
1756dc 
+
1756dc 
+    ret = EOK;
1756dc 
+
1756dc 
+done:
1756dc 
+    if (ret != EOK) {
1756dc 
+        free(tmpfile);
1756dc 
+    }
1756dc 
+
1756dc 
+    umask(oldmask);
1756dc 
+
1756dc 
+    return ret;
1756dc 
+}
1756dc 
diff --git a/src/lib/util/file.h b/src/lib/util/file.h
1756dc 
index 49ebef37443bf137439bad27fd75283c25c9c3e5..6d5823791bfcc581304200d0c2d37b41c3d7b95d 100644
1756dc 
--- a/src/lib/util/file.h
1756dc 
+++ b/src/lib/util/file.h
1756dc 
@@ -133,7 +133,7 @@ file_get_parent_directory(const char *filepath);
1756dc 
 /**
1756dc 
  * Create all directories in a path. Path must end with a directory not a file.
1756dc 
  *
1756dc 
- * @param filename       Path to the file whose directories should be created.
1756dc 
+ * @param path           Path to the file whose directories should be created.
1756dc 
  * @param mode           Directory mode.
1756dc 
  *
1756dc 
  * @return EOK on success, other errno code on error.
1756dc 
@@ -141,4 +141,15 @@ file_get_parent_directory(const char *filepath);
1756dc 
 errno_t
1756dc 
 file_make_path(const char *path, mode_t mode);
1756dc
1756dc 
+/**
1756dc 
+ * Make temporary file for @path so it can be first written and then safelly
1756dc 
+ * renamed to @path.
1756dc 
+ *
1756dc 
+ * @param path           Path to the file whose directories should be created.
1756dc 
+ * @param mode           Temporary file mode.
1756dc 
+ * @param _tmpfile       Path to created temporary file.
1756dc 
+ */
1756dc 
+errno_t
1756dc 
+file_mktmp_for(const char *path, mode_t mode, char **_tmpfile);
1756dc 
+
1756dc 
 #endif /* _FILE_H_ */
1756dc 
diff --git a/src/lib/util/selinux.c b/src/lib/util/selinux.c
1756dc 
index 9b0e0ff26b768d88f67a42985c5d5bafb8aa58ec..01b68087b265c0ef1c1087f626df8e20de086338 100644
1756dc 
--- a/src/lib/util/selinux.c
1756dc 
+++ b/src/lib/util/selinux.c
1756dc 
@@ -26,6 +26,7 @@
1756dc 
 #include <selinux/label.h>
1756dc
1756dc 
 #include "common/common.h"
1756dc 
+#include "lib/util/file.h"
1756dc
1756dc 
 errno_t
1756dc 
 selinux_get_default_context(const char *path,
1756dc 
@@ -61,15 +62,19 @@ selinux_get_default_context(const char *path,
1756dc 
 }
1756dc
1756dc 
 errno_t
1756dc 
-selinux_mkstemp_of(const char *filepath,
1756dc 
-                   char **_tmpfile)
1756dc 
+selinux_mkstemp_for(const char *filepath,
1756dc 
+                    mode_t mode,
1756dc 
+                    char **_tmpfile)
1756dc 
 {
1756dc 
     char *original_context = NULL;
1756dc 
     char *default_context = NULL;
1756dc 
-    char *tmpfile = NULL;
1756dc 
+    char *tmpfile;
1756dc 
     errno_t ret;
1756dc 
     int seret;
1756dc 
-    int fd;
1756dc 
+
1756dc 
+    if (is_selinux_enabled() != 1) {
1756dc 
+        return file_mktmp_for(filepath, mode, _tmpfile);
1756dc 
+    }
1756dc
1756dc 
     seret = getfscreatecon(&original_context);
1756dc 
     if (seret != 0) {
1756dc 
@@ -77,12 +82,6 @@ selinux_mkstemp_of(const char *filepath,
1756dc 
         return EIO;
1756dc 
     }
1756dc
1756dc 
-    tmpfile = format("%s.XXXXXX", filepath);
1756dc 
-    if (tmpfile == NULL) {
1756dc 
-        ret = ENOMEM;
1756dc 
-        goto done;
1756dc 
-    }
1756dc 
-
1756dc 
     ret = selinux_get_default_context(filepath, &default_context);
1756dc 
     if (ret == ENOENT) {
1756dc 
         default_context = NULL;
1756dc 
@@ -92,6 +91,7 @@ selinux_mkstemp_of(const char *filepath,
1756dc 
         goto done;
1756dc 
     }
1756dc
1756dc 
+    /* Set desired fs create context. */
1756dc 
     seret = setfscreatecon(default_context);
1756dc 
     if (seret != 0) {
1756dc 
         ERROR("Unable to set fscreate selinux context!");
1756dc 
@@ -99,22 +99,9 @@ selinux_mkstemp_of(const char *filepath,
1756dc 
         goto done;
1756dc 
     }
1756dc
1756dc 
-    fd = mkstemp(tmpfile);
1756dc 
-    if (fd == -1) {
1756dc 
-        ret = errno;
1756dc 
-
1756dc 
-        seret = setfscreatecon(original_context);
1756dc 
-        if (seret != 0) {
1756dc 
-            ERROR("Unable to restore fscreate selinux context!");
1756dc 
-            ret = EIO;
1756dc 
-            goto done;
1756dc 
-        }
1756dc 
-
1756dc 
-        goto done;
1756dc 
-    }
1756dc 
-
1756dc 
-    close(fd);
1756dc 
+    ret = file_mktmp_for(filepath, mode, &tmpfile);
1756dc
1756dc 
+    /* Restore original fs create context. */
1756dc 
     seret = setfscreatecon(original_context);
1756dc 
     if (seret != 0) {
1756dc 
         ERROR("Unable to restore fscreate selinux context!");
1756dc 
@@ -122,6 +109,12 @@ selinux_mkstemp_of(const char *filepath,
1756dc 
         goto done;
1756dc 
     }
1756dc
1756dc 
+    /* Check result of file_mktmp_for() */
1756dc 
+    if (ret != EOK) {
1756dc 
+        free(tmpfile);
1756dc 
+        goto done;
1756dc 
+    }
1756dc 
+
1756dc 
     *_tmpfile = tmpfile;
1756dc
1756dc 
     ret = EOK;
1756dc 
@@ -135,9 +128,5 @@ done:
1756dc 
         freecon(default_context);
1756dc 
     }
1756dc
1756dc 
-    if (ret != EOK) {
1756dc 
-        free(tmpfile);
1756dc 
-    }
1756dc 
-
1756dc 
     return ret;
1756dc 
 }
1756dc 
diff --git a/src/lib/util/selinux.h b/src/lib/util/selinux.h
1756dc 
index 26f2374140562dd085145845ed3092a0ddcf924e..8abfb3fb5d244b32570cc9e573b2e12df14177e1 100644
1756dc 
--- a/src/lib/util/selinux.h
1756dc 
+++ b/src/lib/util/selinux.h
1756dc 
@@ -39,12 +39,14 @@ selinux_get_default_context(const char *path);
1756dc 
  * set to default security context of @filepath.
1756dc 
  *
1756dc 
  * @param filepath File for which a temporary file should be created.
1756dc 
- * @param _tmpfile Create temporary file.
1756dc 
+ * @param mode     Temporary file mode.
1756dc 
+ * @param _tmpfile Created temporary file.
1756dc 
  *
1756dc 
  * @return EOK on success, other errno code on failure.
1756dc 
  */
1756dc 
 errno_t
1756dc 
-selinux_mkstemp_of(const char *filepath,
1756dc 
-                   char **_tmpfile);
1756dc 
+selinux_mkstemp_for(const char *filepath,
1756dc 
+                    mode_t mode,
1756dc 
+                    char **_tmpfile);
1756dc
1756dc 
 #endif /* _SELINUX_H_ */
1756dc 
diff --git a/src/lib/util/template.c b/src/lib/util/template.c
1756dc 
index 9773dcbf1ecbde4fe2408f1b816dce129747806f..1f3464912d8fe7afe8a7f0920fe31eb5c2dfaba5 100644
1756dc 
--- a/src/lib/util/template.c
1756dc 
+++ b/src/lib/util/template.c
1756dc 
@@ -592,36 +592,25 @@ template_write_temporary(const char *filepath,
1756dc 
                          mode_t mode,
1756dc 
                          char **_tmpfile)
1756dc 
 {
1756dc 
-    mode_t oldmask;
1756dc 
     char *tmpfile;
1756dc 
     errno_t ret;
1756dc
1756dc 
-    oldmask = umask(mode);
1756dc 
-
1756dc 
-    ret = selinux_mkstemp_of(filepath, &tmpfile);
1756dc 
+    ret = selinux_mkstemp_for(filepath, mode, &tmpfile);
1756dc 
     if (ret != EOK) {
1756dc 
         ERROR("Unable to create temporary file for [%s] [%d]: %s",
1756dc 
               filepath, ret, strerror(ret));
1756dc 
-        goto done;
1756dc 
+        return ret;
1756dc 
     }
1756dc
1756dc 
     ret = template_write(tmpfile, content, mode);
1756dc 
-    if (ret != EOK) {
1756dc 
-        goto done;
1756dc 
-    }
1756dc 
-
1756dc 
-    *_tmpfile = tmpfile;
1756dc 
-
1756dc 
-    ret = EOK;
1756dc 
-
1756dc 
-done:
1756dc 
-    umask(oldmask);
1756dc 
-
1756dc 
     if (ret != EOK) {
1756dc 
         free(tmpfile);
1756dc 
+        return ret;
1756dc 
     }
1756dc
1756dc 
-    return ret;
1756dc 
+    *_tmpfile = tmpfile;
1756dc 
+
1756dc 
+    return EOK;
1756dc 
 }
1756dc
1756dc 
 bool
1756dc 
--
1756dc 
2.17.2
1756dc

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation