Use the role from the crond context for system job contexts.

author Tomas Mraz <tmraz@fedoraproject.org>

Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)

committer Tomas Mraz <tmraz@fedoraproject.org>

Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)
author Tomas Mraz <tmraz@fedoraproject.org>
Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)
committer Tomas Mraz <tmraz@fedoraproject.org>
Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)
diff --git a/src/security.c b/src/security.c

index d1bdc7f1897ad9ec0936269e23c15e28343b4d38..5213cf3a9364d402b44a50f24bd0ce818f4125ca 100644 (file)
--- a/src/security.c
+++ b/src/security.c
@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
                 retval = get_default_context_with_level(seuser, level, NULL, &scontext);
         }
         else {
+               const char *current_user, *current_role;
                 if (getcon(&current_context_str) < 0) {
                         log_it(name, getpid(), "getcon FAILED", "", 0);
                         return (security_getenforce() > 0);
@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
                         return (security_getenforce() > 0);
                 }
  
-               const char *current_user = context_user_get(current_context);
-               retval = get_default_context_with_level(current_user, level, NULL, &scontext);
+               current_user = context_user_get(current_context);
+               current_role = context_role_get(current_context);
+               retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
  
                 freecon(current_context_str);
                 context_free(current_context);
author	Tomas Mraz <tmraz@fedoraproject.org>
	Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)
committer	Tomas Mraz <tmraz@fedoraproject.org>
	Thu, 18 Oct 2018 12:25:58 +0000 (14:25 +0200)