+2010-08-28 Nicolas François <nicolas.francois@centraliens.net>
+
+ * lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
+ selinux_file_context renamed set_selinux_file_context.
+ * lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
+ Added reset_selinux_file_context.
+ * src/useradd.c: Check the return value of
+ set_selinux_file_context and reset_selinux_file_context.
+ * libmisc/copydir.c: Check the return value of
+ reset_selinux_file_context.
+
2010-08-28 Nicolas François <nicolas.francois@centraliens.net>
* src/su.c: Fix handling of environment variables when
#include <attr/libattr.h>
#endif /* WITH_ATTR */
+#ifdef WITH_SELINUX
+static bool selinux_checked = false;
+static bool selinux_enabled;
+#endif /* WITH_SELINUX */
+
static /*@null@*/const char *src_orig;
static /*@null@*/const char *dst_orig;
#ifdef WITH_SELINUX
/*
- * selinux_file_context - Set the security context before any file or
- * directory creation.
+ * set_selinux_file_context - Set the security context before any file or
+ * directory creation.
*
- * selinux_file_context () should be called before any creation of file,
- * symlink, directory, ...
+ * set_selinux_file_context () should be called before any creation
+ * of file, symlink, directory, ...
*
* Callers may have to Reset SELinux to create files with default
- * contexts:
- * setfscreatecon (NULL);
+ * contexts with reset_selinux_file_context
*/
-int selinux_file_context (const char *dst_name)
+int set_selinux_file_context (const char *dst_name)
{
- static bool selinux_checked = false;
- static bool selinux_enabled;
/*@null@*/security_context_t scontext = NULL;
if (!selinux_checked) {
}
return 0;
}
+
+/*
+ * reset_selinux_file_context - Reset the security context to the default
+ * policy behavior
+ *
+ * reset_selinux_file_context () should be called after the context
+ * was changed with set_selinux_file_context ()
+ */
+int reset_selinux_file_context (void)
+{
+ if (!selinux_checked) {
+ selinux_enabled = is_selinux_enabled () > 0;
+ selinux_checked = true;
+ }
+ if (selinux_enabled) {
+ if (setfscreatecon (NULL) != 0) {
+ return 1;
+ }
+ }
+ return 0;
+}
#endif /* WITH_SELINUX */
#if defined(WITH_ACL) || defined(WITH_ATTR)
}
#ifdef WITH_SELINUX
- /* Reset SELinux to create files with default contexts */
- if (setfscreatecon (NULL) != 0) {
+ /* Reset SELinux to create files with default contexts.
+ * Note that the context is only reset on exit of copy_tree (it is
+ * assumed that the program would quit without needing a restored
+ * context if copy_tree failed previously), and that copy_tree can
+ * be called recursively (hence the context is set on the
+ * sub-functions of copy_entry).
+ */
+ if (reset_selinux_file_context () != 0) {
err = -1;
}
#endif /* WITH_SELINUX */
*/
#ifdef WITH_SELINUX
- if (selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
}
#ifdef WITH_SELINUX
- if (selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst) != 0) {
free (oldlink);
return -1;
}
int err = 0;
#ifdef WITH_SELINUX
- if (selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
return -1;
}
#ifdef WITH_SELINUX
- if (selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst) != 0) {
return -1;
}
#endif /* WITH_SELINUX */
projects / shadow / commitdiff