SELINUX: Check the return value of setuid and setgid

Silences a Coverity warning Reviewed-by: Pavel Reichl <preichl@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2015-01-27 20:32:33 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-02-13 18:30:30 +0100
commit: b0f46a3019e0ff4f375ef07682ceb9418751707f (patch)
tree: 48f8f5c7bca98f4498d2740f5aeed781a285af4e /src
parent: 842fe49b8c53d84b7f5b7cf67338abb038b5a617 (diff)
download: sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.tar.gz
sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.tar.xz
sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.zip
1 files changed, 12 insertions, 2 deletions
diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 7297f5ed3..63d4b9297 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -220,11 +220,21 @@ int main(int argc, const char *argv[])
      * We need to switch also the real ID to 0.
      */
     if (getuid() != 0) {
-        setuid(0);
+        ret = setuid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setuid failed: %d, selinux_child might not work!\n", ret);
+        }
     }
 
     if (getgid() != 0) {
-        setgid(0);
+        ret = setgid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setgid failed: %d, selinux_child might not work!\n", ret);
+        }
     }
 
     DEBUG(SSSDBG_TRACE_INTERNAL,
author	Jakub Hrozek <jhrozek@redhat.com>	2015-01-27 20:32:33 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-02-13 18:30:30 +0100
commit	b0f46a3019e0ff4f375ef07682ceb9418751707f (patch)
tree	48f8f5c7bca98f4498d2740f5aeed781a285af4e /src
parent	842fe49b8c53d84b7f5b7cf67338abb038b5a617 (diff)
download	sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.tar.gz sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.tar.xz sssd-b0f46a3019e0ff4f375ef07682ceb9418751707f.zip