author | Jakub Hrozek <jhrozek@redhat.com> | 2010-03-30 15:26:58 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-04-08 08:53:35 -0400 |
commit | 9c124af8868a7d3908c03ec369e28daef17d5f12 (patch) | |
tree | 2efdddd72acb1d48941c2ee9749c6ad7cadb8697 /src/tools/sss_userdel.c | |
parent | 81020661d35772b5499525b76a19c9a3794c953e (diff) | |
SELinux login management
Adds a new option -Z to sss_useradd and sss_usermod. This option allows the
user to specify the SELinux login context for the user. On deleting the
user with sss_userdel, the login mapping is deleted, so subsequent
adding of the same user would result in the default login context unless
-Z is specified again.
MLS security is not supported as of this patch.
Diffstat (limited to 'src/tools/sss_userdel.c')
-rw-r--r-- | src/tools/sss_userdel.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/tools/sss_userdel.c b/src/tools/sss_userdel.c index e74424d80..464c22e74 100644 --- a/src/tools/sss_userdel.c +++ b/src/tools/sss_userdel.c @@ -278,6 +278,15 @@ int main(int argc, const char **argv) end_transaction(tctx); + /* Set SELinux login context - must be done after transaction is done + * b/c libselinux calls getpwnam */ + ret = del_seuser(tctx->octx->name); + if (ret != EOK) { + ERROR("Cannot reset SELinux login context\n"); + ret = EXIT_FAILURE; + goto fini; + } + if (!pc_kick) { ret = is_logged_in(tctx, tctx->octx->uid); switch(ret) { |
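Review bot: the failure path of the new `del_seuser(tctx->octx->name)` call in main() runs after `end_transaction(tctx)`, so a failure here exits with `EXIT_FAILURE` via `goto fini` even though the transaction has already finished, and it skips the `if (!pc_kick)` / `is_logged_in()` check that follows. Consider reporting the error and continuing to the logged-in check, or at least wording the message so the administrator knows that only the SELinux login mapping cleanup failed. The call is also unconditional; if `del_seuser` returns an error for a user who never had a mapping set with -Z (its behaviour is not visible in this hunk), every such deletion would fail here, so that case should be treated as success. Finally, the comment says "Set SELinux login context" while the code deletes the mapping and the error message says "reset"; the comment should describe the removal.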