rpms / shadow-utils

Clone
Source Code
GIT

Blame SOURCES/shadow-4.6-selinux.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic-beta c7-beta c8 c8-beta c8s c9 c9-beta
  1.   00319f3c94fd7e6004760a5ca80c2a04687f588c
  2.   SOURCES
  3.   shadow-4.6-selinux.patch
Blob History Raw
5ab9c0 
diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
5ab9c0 
--- shadow-4.6/lib/semanage.c.selinux	2018-04-29 18:42:37.000000000 +0200
5ab9c0 
+++ shadow-4.6/lib/semanage.c	2018-05-28 13:38:20.551008911 +0200
5ab9c0 
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
5ab9c0
5ab9c0 
 	ret = 0;
5ab9c0
5ab9c0 
+        /* drop obsolete matchpathcon cache */
5ab9c0 
+        matchpathcon_fini();
5ab9c0 
+
5ab9c0 
 done:
5ab9c0 
 	semanage_seuser_key_free (key);
5ab9c0 
 	semanage_handle_destroy (handle);
5ab9c0 
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
5ab9c0 
 	}
5ab9c0
5ab9c0 
 	ret = 0;
5ab9c0 
+
5ab9c0 
+        /* drop obsolete matchpathcon cache */
5ab9c0 
+        matchpathcon_fini();
5ab9c0 
+
5ab9c0 
 done:
5ab9c0 
 	semanage_handle_destroy (handle);
5ab9c0 
 	return ret;
5ab9c0 
diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
5ab9c0 
--- shadow-4.6/src/useradd.c.selinux	2018-05-28 13:43:30.996748997 +0200
5ab9c0 
+++ shadow-4.6/src/useradd.c	2018-05-28 13:44:04.645486199 +0200
5ab9c0 
@@ -2120,6 +2120,7 @@ static void create_mail (void)
5ab9c0 
  */
5ab9c0 
 int main (int argc, char **argv)
5ab9c0 
 {
5ab9c0 
+	int rv = E_SUCCESS;
5ab9c0 
 #ifdef ACCT_TOOLS_SETUID
5ab9c0 
 #ifdef USE_PAM
5ab9c0 
 	pam_handle_t *pamh = NULL;
5ab9c0 
@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
5ab9c0
5ab9c0 
 	usr_update ();
5ab9c0
5ab9c0 
-	if (mflg) {
5ab9c0 
-		create_home ();
5ab9c0 
-		if (home_added) {
5ab9c0 
-			copy_tree (def_template, prefix_user_home, false, false,
5ab9c0 
-			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
5ab9c0 
-		} else {
5ab9c0 
-			fprintf (stderr,
5ab9c0 
-			         _("%s: warning: the home directory already exists.\n"
5ab9c0 
-			           "Not copying any file from skel directory into it.\n"),
5ab9c0 
-			         Prog);
5ab9c0 
-		}
5ab9c0 
-
5ab9c0 
-	}
5ab9c0 
-
5ab9c0 
-	/* Do not create mail directory for system accounts */
5ab9c0 
-	if (!rflg) {
5ab9c0 
-		create_mail ();
5ab9c0 
-	}
5ab9c0 
-
5ab9c0 
 	close_files ();
5ab9c0
5ab9c0 
+	nscd_flush_cache ("passwd");
5ab9c0 
+	nscd_flush_cache ("group");
5ab9c0 
+
5ab9c0 
 	/*
5ab9c0 
 	 * tallylog_reset needs to be able to lookup
5ab9c0 
 	 * a valid existing user name,
5ab9c0 
@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
5ab9c0 
 	}
5ab9c0
5ab9c0 
 #ifdef WITH_SELINUX
5ab9c0 
-	if (Zflg) {
5ab9c0 
-		if (set_seuser (user_name, user_selinux) != 0) {
5ab9c0 
+	if (Zflg && *user_selinux) {
5ab9c0 
+		if (is_selinux_enabled () > 0) {
5ab9c0 
+		    if (set_seuser (user_name, user_selinux) != 0) {
5ab9c0 
 			fprintf (stderr,
5ab9c0 
 			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
5ab9c0 
 			         Prog, user_name, user_selinux);
5ab9c0 
@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
5ab9c0 
 			              "adding SELinux user mapping",
5ab9c0 
 			              user_name, (unsigned int) user_id, 0);
5ab9c0 
 #endif				/* WITH_AUDIT */
5ab9c0 
-			fail_exit (E_SE_UPDATE);
5ab9c0 
+			rv = E_SE_UPDATE;
5ab9c0 
+		    }
5ab9c0 
 		}
5ab9c0 
 	}
5ab9c0 
-#endif				/* WITH_SELINUX */
5ab9c0 
+#endif
5ab9c0
5ab9c0 
-	nscd_flush_cache ("passwd");
5ab9c0 
-	nscd_flush_cache ("group");
5ab9c0 
+	if (mflg) {
5ab9c0 
+		create_home ();
5ab9c0 
+		if (home_added) {
5ab9c0 
+			copy_tree (def_template, prefix_user_home, false, true,
5ab9c0 
+			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
5ab9c0 
+		} else {
5ab9c0 
+			fprintf (stderr,
5ab9c0 
+			         _("%s: warning: the home directory already exists.\n"
5ab9c0 
+			           "Not copying any file from skel directory into it.\n"),
5ab9c0 
+			         Prog);
5ab9c0 
+		}
5ab9c0 
+
5ab9c0 
+	}
5ab9c0 
+
5ab9c0 
+	/* Do not create mail directory for system accounts */
5ab9c0 
+	if (!rflg) {
5ab9c0 
+		create_mail ();
5ab9c0 
+	}
5ab9c0
5ab9c0 
-	return E_SUCCESS;
5ab9c0 
+	return rv;
5ab9c0 
 }
5ab9c0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation