diff options
| author | Matthew Ife <matthew.ife@airattack-central.com> | 2011-07-01 14:27:24 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-05 08:02:21 -0400 |
| commit | a0253cca6c0961a22c64a319915dc2fdad10caea (patch) | |
| tree | 0c43a3f920b6a7122a80e42bcbaf881ed656c0fb /src | |
| parent | cbdf48ce2adf5cb5370a95b06010e4ba83c888a1 (diff) | |
| download | sssd-a0253cca6c0961a22c64a319915dc2fdad10caea.tar.gz sssd-a0253cca6c0961a22c64a319915dc2fdad10caea.tar.xz sssd-a0253cca6c0961a22c64a319915dc2fdad10caea.zip | |
Replace system() function with fork and execl call.
This is much more selinux friendly as it allows policy makers to call
nscd_domtrans to transition to nscd_t instead of giving more access to
the system via the corcmd_exec_bin macro.
Modified-by: Simo Sorce <ssorce@redhat.com>
Signed-off-by: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/tools/nscd.c | 52 |
1 files changed, 30 insertions, 22 deletions
diff --git a/src/tools/nscd.c b/src/tools/nscd.c index 992f8dadd..f17fd6acc 100644 --- a/src/tools/nscd.c +++ b/src/tools/nscd.c @@ -35,9 +35,9 @@ #if defined(NSCD_PATH) && defined(HAVE_NSCD) int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db) { - char *cmd = NULL; const char *service; - int ret; + pid_t nscd_pid; + int ret, status; switch(flush_db) { case NSCD_DB_PASSWD: @@ -54,30 +54,38 @@ int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db) goto done; } - cmd = talloc_asprintf(mem_ctx, "%s %s %s", NSCD_PATH, - NSCD_RELOAD_ARG, - service); - if (!cmd) { - ret = ENOMEM; - goto done; - } - - ret = system(cmd); - if (ret) { - if (ret == -1) { - DEBUG(1, ("system(3) failed\n")); - ret = EFAULT; - goto done; + nscd_pid = fork(); + switch (nscd_pid) { + case 0: + execl(NSCD_PATH, "nscd", NSCD_RELOAD_ARG, service, NULL); + /* if this returns it is an error */ + DEBUG(1, ("execl(3) failed: %d(%s)\n", errno, strerror(errno))); + exit(errno); + case -1: + DEBUG(1, ("fork failed\n")); + ret = EFAULT; + break; + default: + do { + errno = 0; + ret = waitpid(nscd_pid, &status, 0); + } while (ret == -1 && errno == EINTR); + if (ret == 0) { + if (WIFEXITED(status)) { + ret = WEXITSTATUS(status); + if (ret > 0) { + /* The flush fails if nscd is not running, so do not care + * about the return code */ + DEBUG(8, ("Error flushing cache, is nscd running?\n")); + } + } + } else { + DEBUG(5, ("Failed to wait for children %d\n", nscd_pid)); + ret = EIO; } - /* The flush fails if nscd is not running, so do not care - * about the return code */ - DEBUG(8, ("Error flushing cache, perhaps nscd is not running\n")); } - - ret = EOK; done: - talloc_free(cmd); return ret; } |