if selinux is disabled, ignore that selogin dir is missing

https://fedorahosted.org/sssd/ticket/1817

1 files changed, 15 insertions, 3 deletions

diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index d7850efae..9d38c031e 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -387,6 +387,7 @@ static errno_t write_selinux_login_file(const char *username, char *string)
     mode_t oldmask;
     TALLOC_CTX *tmp_ctx;
     char *full_string = NULL;
+    int enforce;
     errno_t ret = EOK;
 
     len = strlen(string);
@@ -414,11 +415,22 @@ static errno_t write_selinux_login_file(const char *username, char *string)
 
     oldmask = umask(022);
     fd = mkstemp(tmp_path);
+    ret = errno;
     umask(oldmask);
     if (fd < 0) {
-        DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file for SELinux "
-                                  "data failed. %s", tmp_path));
-        ret = EIO;
+        if (ret == ENOENT) {
+            /* if selinux is disabled and selogin dir does not exist,
+             * just ignore the error */
+            if (selinux_getenforcemode(&enforce) == 0 && enforce == -1) {
+                ret = EOK;
+                goto done;
+            }
+
+            /* continue if we can't get enforce mode or selinux is enabled */
+        }
+
+        DEBUG(SSSDBG_OP_FAILURE, ("unable to create temp file [%s] "
+              "for SELinux data [%d]: %s\n", tmp_path, ret, strerror(ret)));
         goto done;
     }