+2009-04-15 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEW, src/vipw.c: SE Linux: Set the default context to the
+ context of the file being edited. This ensures that the backup
+ file inherit from the file's context.
+
2009-04-14 Nicolas François <nicolas.francois@centraliens.net>
* man/usermod.8.xml: There are no default values for --inactive
$Id$
+shadow-4.1.3 -> shadow-4.1.3.1 UNRELEASED
+
+- vipw
+ * SE Linux: Set the default context to the context of the file being
+ edited. This ensures that the backup file inherit from the file's
+ context.
+
shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12
*** general:
#include "sgroupio.h"
#include "shadowio.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define MSG_WARN_EDIT_OTHER_FILE _( \
"You have modified %s.\n"\
"You may need to modify %s for consistency.\n"\
if (access (file, F_OK) != 0) {
vipwexit (file, 1, 1);
}
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ to be the context of the file we are editing */
+ if (is_selinux_enabled ()) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ vipwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ vipwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif
if (file_lock () == 0) {
vipwexit (_("Couldn't lock file"), errno, 5);
}
if (st1.st_mtime == st2.st_mtime) {
vipwexit (0, 0, 0);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled ()) {
+ if (setfscreatecon (NULL)) {
+ vipwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif
/*
* XXX - here we should check fileedit for errors; if there are any,
projects / shadow / commitdiff