* lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.

	It will basically label them with same context as
	/etc/{passwd+,shadow+,group+,gshadow+}

diff --git a/ChangeLog b/ChangeLog
index 730796b8deeb0838005d4fdd54b865cf13dc2c72..98f1a27fd0b1a6e6b0c4c746c6c12c0d3da8cd2b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-05-18  Peter Vrabec  <pvrabec@redhat.com>
+
+       * lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
+       It will basically label them with same context as
+       /etc/{passwd+,shadow+,group+,gshadow+}
+
 2012-05-18  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/pwunconv.c: Do not check spw_close() return value (file is

diff --git a/lib/commonio.c b/lib/commonio.c
index 11e46cd00f4e308654512a7442ddf9cb378b5381..1c0555c32eacfbd0d842b12e332c4adbbb854bf9 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db *db)
 
        snprintf (buf, sizeof buf, "%s+", db->filename);
 
+#ifdef WITH_SELINUX
+       if (set_selinux_file_context (buf) != 0) {
+               errors++;
+       }
+#endif
+
        db->fp = fopen_set_perms (buf, "w", &sb);
        if (NULL == db->fp) {
                goto fail;
@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db *db)
                goto fail;
        }
 
+#ifdef WITH_SELINUX
+       if (reset_selinux_file_context () != 0) {
+               goto fail;
+       }
+#endif
+
        nscd_need_reload = true;
        goto success;
       fail: