diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-27 11:12:18 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-27 18:07:25 +0100 |
commit | b8894eb53017af67224d05470d2cdd2a65070a41 (patch) | |
tree | 71b462c384110d8a78d7b6f52d17b2b49b3606a8 /src/util | |
parent | 6772568c21cbea19c63ff047a5f668dc3372a114 (diff) | |
download | sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.gz sssd-b8894eb53017af67224d05470d2cdd2a65070a41.tar.xz sssd-b8894eb53017af67224d05470d2cdd2a65070a41.zip |
SELINUX: Set and reset umask when caling set_seuser from deamon code
https://fedorahosted.org/sssd/ticket/2563
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 8f78b6442f3176ee43aa06704a3adb9f4ac625d6)
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/util.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h index 23624c815..bf3a9a057 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -628,6 +628,10 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx, errno_t restore_creds(struct sss_creds *saved_creds); /* from sss_semanage.c */ +/* Please note that libsemange relies on files and directories created with + * certain permissions. Therefore the caller should make sure the umask is + * not too restricted (especially when called from the daemon code). + */ int set_seuser(const char *login_name, const char *seuser_name, const char *mlsrange); int del_seuser(const char *login_name); |