-rw-r--r--src/tools/sss_useradd.c2
-rw-r--r--src/tools/sss_usermod.c2
-rw-r--r--src/util/sss_semanage.c25
-rw-r--r--src/util/util.h3
4 files changed, 20 insertions, 12 deletions
diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
index 59439401e..8521b8301 100644
--- a/src/tools/sss_useradd.c
+++ b/src/tools/sss_useradd.c
@@ -205,7 +205,7 @@ int main(int argc, const char **argv)
/* Set SELinux login context - must be done after transaction is done
* b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
if (ret != EOK) {
ERROR("Cannot set SELinux login context\n");
ret = EXIT_FAILURE;
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
index 9683c6e9e..55e943947 100644
--- a/src/tools/sss_usermod.c
+++ b/src/tools/sss_usermod.c
@@ -300,7 +300,7 @@ int main(int argc, const char **argv)
/* Set SELinux login context - must be done after transaction is done
* b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
if (ret != EOK) {
ERROR("Cannot set SELinux login context\n");
ret = EXIT_FAILURE;
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index dbef3b343..3c566553f 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -22,7 +22,6 @@
#include "config.h"
#include <stdio.h>
-
#ifdef HAVE_SEMANAGE
#include <semanage/semanage.h>
#endif
@@ -118,7 +117,8 @@ fail:
static int sss_semanage_user_add(semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
{
int ret;
semanage_seuser_t *seuser = NULL;
@@ -138,7 +138,8 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
goto done;
}
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not set serange for %s\n", login_name);
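Review bot: The new `mls` argument is forwarded to `semanage_seuser_set_mlsrange()` unchecked whenever it is non-NULL, so an empty string does not fall back to `DEFAULT_SERANGE`. If empty is meant to select the default, the argument could be written `(mls != NULL && mls[0] != '\0') ? mls : DEFAULT_SERANGE`. The failure message just below also omits the rejected range, and since the range bounds the sensitivity levels the mapped login can use, logging the effective value (`"Could not set serange %s for %s\n"`) would make a bad caller-supplied range traceable. The same points apply to the identical change in sss_semanage_user_mod (the `@@ -184,7 +186,8` hunk). The body of sss_semanage_user_add starts and ends outside this hunk.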
@@ -171,7 +172,8 @@ done:
static int sss_semanage_user_mod(semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
{
int ret;
semanage_seuser_t *seuser = NULL;
@@ -184,7 +186,8 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
goto done;
}
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not set serange for %s\n", login_name);
@@ -213,7 +216,8 @@ done:
return ret;
}
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
{
semanage_handle_t *handle = NULL;
semanage_seuser_key_t *key = NULL;
@@ -247,14 +251,16 @@ int set_seuser(const char *login_name, const char *seuser_name)
}
if (seuser_exists) {
- ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_mod(handle, key, login_name, seuser_name,
+ mls);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
ret = EIO;
goto done;
}
} else {
- ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_add(handle, key, login_name, seuser_name,
+ mls);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
ret = EIO;
@@ -348,7 +354,8 @@ done:
}
#else /* HAVE_SEMANAGE */
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
{
return EOK;
}
diff --git a/src/util/util.h b/src/util/util.h
index b43ce6f50..0af4db3fe 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -592,7 +592,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
errno_t restore_creds(struct sss_creds *saved_creds);
/* from sss_semanage.c */
-int set_seuser(const char *login_name, const char *seuser_name);
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mlsrange);
int del_seuser(const char *login_name);
#endif /* __SSSD_UTIL_H__ */
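Review bot: The prototype names the new parameter `mlsrange` while both definitions in sss_semanage.c name it `mls`; using one name in the header and the implementation keeps them searchable together. Nothing at the declaration says that NULL selects the default range, which is the contract both tool callers in this commit rely on when they pass `NULL`. A comment above the prototype such as `/* mlsrange: MLS/MCS range for the login mapping; NULL selects DEFAULT_SERANGE */` would document that for future callers.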