Selinux: Instead of getting context and then the username is

used function getuserbyname.

diff --git a/user.c b/user.c
index 923cca80a81183dcdf2111aeed0ed9288cc765af..d8d41c06d58e311cca3959c6513fde4bae4522f7 100644 (file)
--- a/user.c
+++ b/user.c
@@ -44,15 +44,26 @@ static      int get_security_context(const char *name,
        security_context_t  file_context=NULL;
        struct av_decision avd;
        int retval=0;
+       char *seuser=NULL;
+       char *level=NULL;
        *rcontext = NULL;
-       if (get_default_context(name, NULL, &scontext)) {
-               if (security_getenforce() > 0) {
-                       log_it(name, getpid(), "No SELinux security context",tabname);
-                       return -1;
-               } else {
-                       log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
-                       return 0;
+
+       if (getseuserbyname(name, &seuser, &level) == 0) {
+               retval=get_default_context_with_level(seuser, level, NULL, &scontext);
+               free(seuser);
+               free(level);
+               if (retval) {
+                       if (security_getenforce() > 0) {
+                               log_it(name, getpid(), "No SELinux security context",tabname);
+                               return -1;
+                       } else {
+                               log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+                               return 0;
+                       }
                }
+       } else {
+               log_it(name, getpid(), "getseusername FAILED", name);
+               return (security_getenforce() > 0);
        }
        
        if (fgetfilecon(crontab_fd, &file_context) < OK) {