-rw-r--r-- | src/tools/sss_useradd.c | 2 | ||||
-rw-r--r-- | src/tools/sss_usermod.c | 2 | ||||
-rw-r--r-- | src/util/sss_semanage.c | 25 | ||||
-rw-r--r-- | src/util/util.h | 3 |
4 files changed, 20 insertions, 12 deletions
diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
index 59439401e..8521b8301 100644
--- a/src/tools/sss_useradd.c
+++ b/src/tools/sss_useradd.c
@@ -205,7 +205,7 @@ int main(int argc, const char **argv)
 /* Set SELinux login context - must be done after transaction is done
 * b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
 if (ret != EOK) {
 ERROR("Cannot set SELinux login context\n");
 ret = EXIT_FAILURE;
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
index 9683c6e9e..55e943947 100644
--- a/src/tools/sss_usermod.c
+++ b/src/tools/sss_usermod.c
@@ -300,7 +300,7 @@ int main(int argc, const char **argv)
 /* Set SELinux login context - must be done after transaction is done
 * b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
 if (ret != EOK) {
 ERROR("Cannot set SELinux login context\n");
 ret = EXIT_FAILURE;
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index dbef3b343..3c566553f 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -22,7 +22,6 @@
 #include "config.h"
 #include <stdio.h>
-
 #ifdef HAVE_SEMANAGE
 #include <semanage/semanage.h>
 #endif
@@ -118,7 +117,8 @@ fail:
 static int sss_semanage_user_add(semanage_handle_t *handle,
 semanage_seuser_key_t *key,
 const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
 {
 int ret;
 semanage_seuser_t *seuser = NULL;
@@ -138,7 +138,8 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
 goto done;
 }
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
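Review bot: The fallback `mls ? mls : DEFAULT_SERANGE` in the @@ -138 hunk only covers a NULL pointer, so an empty string would be handed to `semanage_seuser_set_mlsrange()` as the range rather than falling back to the default; whether libsemanage accepts an empty range is not visible here, and the two tools in this commit pass NULL, but callers added later may not. Resolving the value once in `set_seuser`, e.g. `if (mls == NULL || *mls == '\0') mls = DEFAULT_SERANGE;`, would cover that case and keep the default policy in a single place instead of repeating the expression in both sss_semanage_user_add and sss_semanage_user_mod (the same expression recurs in the @@ -184 hunk). The body of sss_semanage_user_add continues past the end of this hunk.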
@@ -171,7 +172,8 @@ done:
 static int sss_semanage_user_mod(semanage_handle_t *handle,
 semanage_seuser_key_t *key,
 const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
 {
 int ret;
 semanage_seuser_t *seuser = NULL;
@@ -184,7 +186,8 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
 goto done;
 }
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
@@ -213,7 +216,8 @@ done:
 return ret;
 }
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
 {
 semanage_handle_t *handle = NULL;
 semanage_seuser_key_t *key = NULL;
@@ -247,14 +251,16 @@ int set_seuser(const char *login_name, const char *seuser_name)
 }
 if (seuser_exists) {
- ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_mod(handle, key, login_name, seuser_name,
+ mls);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
 ret = EIO;
 goto done;
 }
 } else {
- ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_add(handle, key, login_name, seuser_name,
+ mls);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
 ret = EIO;
@@ -348,7 +354,8 @@ done:
 }
 #else /* HAVE_SEMANAGE */
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
 {
 return EOK;
 }
diff --git a/src/util/util.h b/src/util/util.h
index b43ce6f50..0af4db3fe 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -592,7 +592,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 errno_t restore_creds(struct sss_creds *saved_creds);
 /* from sss_semanage.c */
-int set_seuser(const char *login_name, const char *seuser_name);
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mlsrange);
 int del_seuser(const char *login_name);
 #endif /* __SSSD_UTIL_H__ */ |
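Review bot: The prototype names the new parameter `mlsrange` while both definitions in sss_semanage.c (the @@ -213 hunk and the `#else /* HAVE_SEMANAGE */` stub in the @@ -348 hunk) call it `mls`; the declaration and definition should use one name. The parameter's contract is also only discoverable by reading sss_semanage_user_add/_mod, so a comment above the declaration would help, e.g. `/* mlsrange: MLS/MCS range to assign to login_name; NULL selects DEFAULT_SERANGE. Ignored (EOK returned) when built without HAVE_SEMANAGE. */`. The first sentence of that comment is established by the `mls ? mls : DEFAULT_SERANGE` lines and the second by the stub body; nothing here shows what format libsemanage expects for the range, so the comment should not promise validation.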