*/
static int
relabel_tty(const char *ttyn, security_context_t new_context,
- security_context_t * tty_context, security_context_t * new_tty_context)
+ security_context_t * tty_context, security_context_t * new_tty_context,
+ int enforcing)
{
int fd;
- int enforcing = security_getenforce();
security_context_t tty_con = NULL;
security_context_t new_tty_con = NULL;
if (!ttyn)
return(0);
- if (enforcing < 0) {
- warningx("unable to determine enforcing mode.");
- return(-1);
- }
-
/* Re-open TTY descriptor */
fd = open(ttyn, O_RDWR | O_NONBLOCK);
if (fd == -1) {
security_context_t tty_context = NULL;
security_context_t new_tty_context = NULL;
pid_t childPid;
- int ttyfd;
+ int enforcing, ttyfd;
/* Must have a tty. */
if (user_ttypath == NULL || *user_ttypath == '\0')
/* Store the caller's SID in old_context. */
if (getprevcon(&old_context))
error(EXIT_FAILURE, "failed to get old_context");
+
+ enforcing = security_getenforce();
+ if (enforcing < 0)
+ error(EXIT_FAILURE, "unable to determine enforcing mode.");
+
#ifdef DEBUG
warningx("your old context was %s", old_context);
exit(EXIT_FAILURE);
ttyfd = relabel_tty(user_ttypath, new_context, &tty_context,
- &new_tty_context);
+ &new_tty_context, enforcing);
if (ttyfd < 0)
error(EXIT_FAILURE, "unable to setup tty context for %s", new_context);
if (setexeccon(new_context)) {
warning("unable to set exec context to %s", new_context);
- goto error;
+ if (enforcing)
+ goto error;
+ }
+
+ if (setkeycreatecon(new_context)) {
+ warning("unable to set key creation context to %s", new_context);
+ if (enforcing)
+ goto error;
}
#ifdef WITH_AUDIT
projects / sudo / commitdiff