|
 |
9f90df |
diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
|
|
|
9f90df |
--- shadow-4.1.5.1/lib/commonio.c.orig-context 2012-09-19 20:27:16.000000000 +0200
|
|
|
9f90df |
+++ shadow-4.1.5.1/lib/commonio.c 2013-02-20 15:20:55.064962324 +0100
|
|
|
9f90df |
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
|
|
|
9f90df |
snprintf (buf, sizeof buf, "%s-", db->filename);
|
|
|
9f90df |
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (buf) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (buf, db->filename) != 0) {
|
|
|
9f90df |
errors++;
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif
|
|
|
9f90df |
@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
|
|
|
9f90df |
snprintf (buf, sizeof buf, "%s+", db->filename);
|
|
|
9f90df |
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (buf) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (buf, db->filename) != 0) {
|
|
|
9f90df |
errors++;
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif
|
|
|
9f90df |
diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
|
|
|
9f90df |
--- shadow-4.1.5.1/libmisc/copydir.c.orig-context 2012-02-13 20:16:32.000000000 +0100
|
|
|
9f90df |
+++ shadow-4.1.5.1/libmisc/copydir.c 2013-02-20 15:19:01.495623232 +0100
|
|
|
9f90df |
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
|
|
9f90df |
*/
|
|
|
9f90df |
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (dst) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
|
9f90df |
return -1;
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif /* WITH_SELINUX */
|
|
|
9f90df |
@@ -605,7 +605,7 @@ static int copy_symlink (const char *src
|
|
|
9f90df |
}
|
|
|
9f90df |
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (dst) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
|
9f90df |
free (oldlink);
|
|
|
9f90df |
return -1;
|
|
|
9f90df |
}
|
|
|
9f90df |
@@ -684,7 +684,7 @@ static int copy_special (const char *src
|
|
|
9f90df |
int err = 0;
|
|
|
9f90df |
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (dst) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
|
9f90df |
return -1;
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif /* WITH_SELINUX */
|
|
|
9f90df |
@@ -744,7 +744,7 @@ static int copy_file (const char *src, c
|
|
|
9f90df |
return -1;
|
|
|
9f90df |
}
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (dst) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (dst, NULL) != 0) {
|
|
|
9f90df |
return -1;
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif /* WITH_SELINUX */
|
|
|
9f90df |
diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
|
|
|
9f90df |
--- shadow-4.1.5.1/lib/prototypes.h.orig-context 2012-01-08 17:04:29.000000000 +0100
|
|
|
9f90df |
+++ shadow-4.1.5.1/lib/prototypes.h 2013-02-20 15:24:17.251126575 +0100
|
|
|
9f90df |
@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
|
|
|
9f90df |
|
|
|
9f90df |
/* selinux.c */
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
-extern int set_selinux_file_context (const char *dst_name);
|
|
|
9f90df |
+extern int set_selinux_file_context (const char *dst_name, const char *orig_name);
|
|
|
9f90df |
extern int reset_selinux_file_context (void);
|
|
|
9f90df |
#endif
|
|
|
9f90df |
|
|
|
9f90df |
diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
|
|
|
9f90df |
--- shadow-4.1.5.1/lib/selinux.c.orig-context 2012-01-08 17:35:44.000000000 +0100
|
|
|
9f90df |
+++ shadow-4.1.5.1/lib/selinux.c 2013-02-20 15:16:40.383716877 +0100
|
|
|
9f90df |
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
|
|
9f90df |
* Callers may have to Reset SELinux to create files with default
|
|
|
9f90df |
* contexts with reset_selinux_file_context
|
|
|
9f90df |
*/
|
|
|
9f90df |
-int set_selinux_file_context (const char *dst_name)
|
|
|
9f90df |
+int set_selinux_file_context (const char *dst_name, const char *orig_name)
|
|
|
9f90df |
{
|
|
|
9f90df |
/*@null@*/security_context_t scontext = NULL;
|
|
|
9f90df |
|
|
|
9f90df |
@@ -62,19 +62,23 @@ int set_selinux_file_context (const char
|
|
|
9f90df |
if (selinux_enabled) {
|
|
|
9f90df |
/* Get the default security context for this file */
|
|
|
9f90df |
if (matchpathcon (dst_name, 0, &scontext) < 0) {
|
|
|
9f90df |
- if (security_getenforce () != 0) {
|
|
|
9f90df |
- return 1;
|
|
|
9f90df |
- }
|
|
|
9f90df |
+ /* We could not get the default, copy the original */
|
|
|
9f90df |
+ if (orig_name == NULL)
|
|
|
9f90df |
+ goto error;
|
|
|
9f90df |
+ if (getfilecon (orig_name, &scontext) < 0)
|
|
|
9f90df |
+ goto error;
|
|
|
9f90df |
}
|
|
|
9f90df |
/* Set the security context for the next created file */
|
|
|
9f90df |
- if (setfscreatecon (scontext) < 0) {
|
|
|
9f90df |
- if (security_getenforce () != 0) {
|
|
|
9f90df |
- return 1;
|
|
|
9f90df |
- }
|
|
|
9f90df |
- }
|
|
|
9f90df |
+ if (setfscreatecon (scontext) < 0)
|
|
|
9f90df |
+ goto error;
|
|
|
9f90df |
freecon (scontext);
|
|
|
9f90df |
}
|
|
|
9f90df |
return 0;
|
|
|
9f90df |
+ error:
|
|
|
9f90df |
+ if (security_getenforce () != 0) {
|
|
|
9f90df |
+ return 1;
|
|
|
9f90df |
+ }
|
|
|
9f90df |
+ return 0;
|
|
|
9f90df |
}
|
|
|
9f90df |
|
|
|
9f90df |
/*
|
|
|
9f90df |
diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
|
|
|
9f90df |
--- shadow-4.1.5.1/src/useradd.c.orig-context 2012-09-19 20:23:33.000000000 +0200
|
|
|
9f90df |
+++ shadow-4.1.5.1/src/useradd.c 2013-02-20 15:19:31.221235459 +0100
|
|
|
9f90df |
@@ -1759,7 +1759,7 @@ static void create_home (void)
|
|
|
9f90df |
{
|
|
|
9f90df |
if (access (user_home, F_OK) != 0) {
|
|
|
9f90df |
#ifdef WITH_SELINUX
|
|
|
9f90df |
- if (set_selinux_file_context (user_home) != 0) {
|
|
|
9f90df |
+ if (set_selinux_file_context (user_home, NULL) != 0) {
|
|
|
9f90df |
fail_exit (E_HOMEDIR);
|
|
|
9f90df |
}
|
|
|
9f90df |
#endif
|