SELINUX: Set and reset umask when caling set_seuser from deamon code

https://fedorahosted.org/sssd/ticket/2563 Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit 8f78b6442f3176ee43aa06704a3adb9f4ac625d6)
author: Jakub Hrozek <jhrozek@redhat.com> 2015-01-27 11:12:18 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-01-27 18:07:25 +0100
commit: b8894eb53017af67224d05470d2cdd2a65070a41 (patch)
tree: 71b462c384110d8a78d7b6f52d17b2b49b3606a8 /src/util
parent: 6772568c21cbea19c63ff047a5f668dc3372a114 (diff)
download: sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.gz
sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.xz
sssd-b8894eb53017af67224d05470d2cdd2a65070a41.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h
index 23624c815..bf3a9a057 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -628,6 +628,10 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 errno_t restore_creds(struct sss_creds *saved_creds);
 
 /* from sss_semanage.c */
+/* Please note that libsemange relies on files and directories created with
+ * certain permissions. Therefore the caller should make sure the umask is
+ * not too restricted (especially when called from the daemon code).
+ */
 int set_seuser(const char *login_name, const char *seuser_name,
                const char *mlsrange);
 int del_seuser(const char *login_name);
author	Jakub Hrozek <jhrozek@redhat.com>	2015-01-27 11:12:18 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-01-27 18:07:25 +0100
commit	b8894eb53017af67224d05470d2cdd2a65070a41 (patch)
tree	71b462c384110d8a78d7b6f52d17b2b49b3606a8 /src/util
parent	6772568c21cbea19c63ff047a5f668dc3372a114 (diff)
download	sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.gz sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.xz sssd-b8894eb53017af67224d05470d2cdd2a65070a41.zip