From: Marcela Mašláňová Date: Fri, 22 May 2009 06:04:22 +0000 (+0200) Subject: Remove unused function cron_get_job_context. X-Git-Tag: cronie1.4~25 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=08e5d150502898c1f31c0a3ed77610487fdf79ca;p=cronie Remove unused function cron_get_job_context. --- diff --git a/man/cron.8 b/man/cron.8 index c14f23f..827e6b3 100644 --- a/man/cron.8 +++ b/man/cron.8 @@ -19,7 +19,7 @@ .\" .\" $Id: cron.8,v 1.8 2004/01/23 19:03:32 vixie Exp $ .\" -.TH CRON "8" "26 June 2008" "Linux Programmer's Manual" +.TH CRON "8" "20 May 2009" "Linux Programmer's Manual" .UC 4 .SH NAME cron \- daemon to execute scheduled commands (cronie V1.2) @@ -112,7 +112,7 @@ On Red Hat systems, crond now supports access control with PAM - see .IR pam (8). A PAM configuration file for crond is installed in /etc/pam.d/crond. crond loads the PAM environment from the pam_env module, but these -can be overriden by settings in the crontab file. +can be overriden by settings in the appropriate crontab file. .SH "OPTIONS" .TP .B "\-m" @@ -153,4 +153,4 @@ This is a limitation of inotify API. .IR pam (8) .SH AUTHOR .nf -Marcela MaÅ¡láňová \ No newline at end of file +Marcela MaÅ¡láňová diff --git a/src/funcs.h b/src/funcs.h index c00452f..32d90c2 100644 --- a/src/funcs.h +++ b/src/funcs.h @@ -97,8 +97,6 @@ int cron_change_user( struct passwd *pw, char *homedir ); int cron_change_user_permanently( struct passwd *pw ); -int cron_get_job_context( user *u, void *scontextp, void *file_contextp, char **envp ); - int get_security_context(const char *name, int crontab_fd, security_context_t *rcontext, diff --git a/src/security.c b/src/security.c index 5db26ed..26ede72 100644 --- a/src/security.c +++ b/src/security.c @@ -261,42 +261,6 @@ static int cron_authorize_range return 1; } -int cron_get_job_context(user *u, void *scontextp, void *file_contextp, char **jobenv) { -#if WITH_SELINUX - char *sroletype; - - if (is_selinux_enabled() <= 0) - return 0; - if ((file_contextp == 0) || (scontextp == 0L)) - return -1; - - *((security_context_t*)scontextp) = u->scontext; - *((void **)file_contextp) = 0L; - - if ((sroletype = env_get("SELINUX_ROLE_TYPE",jobenv)) != 0L) { - *((security_context_t*)scontextp) = (security_context_t) sroletype; - - char crontab[MAX_FNAME]; - if (strcmp(u->name,"*system*") == 0) - strncpy(crontab, u->tabname, MAX_FNAME); - else - snprintf(crontab, MAX_FNAME, "%s/%s", CRONDIR, u->tabname); - - if (getfilecon( crontab, file_contextp ) == -1) { - if (security_getenforce() > 0) { - log_it(u->name, getpid(), "getfilecon FAILED for SELINUX_ROLE_TYPE", - sroletype, 0); - return -1; - } else if (access( crontab, F_OK ) == 0) - log_it(u->name, getpid(), - "getfilecon FAILED but SELinux in permissive mode, continuing " - "- SELINUX_ROLE_TYPE", sroletype, 0); - } - } -#endif - return 0; -} - #if WITH_SELINUX /* always uses u->scontext as the default process context, then changes the level, and retuns it in ucontextp (or NULL otherwise) */