From ebb1f28998c06984765e3e78d30911c1c3ec84e2 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 13 Sep 2012 10:07:29 +0200 Subject: SELinux: Always use the default if it exists on the server https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
---
 src/db/sysdb_selinux.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'src/db')
diff --git a/src/db/sysdb_selinux.c b/src/db/sysdb_selinux.c
index bc067225b..857b17d95 100644
--- a/src/db/sysdb_selinux.c
+++ b/src/db/sysdb_selinux.c
@@ -191,6 +191,11 @@ errno_t sysdb_store_selinux_config(struct sysdb_ctx *sysdb,
 return ENOMEM;
 }
+ if (!order) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("The SELinux order is missing\n"));
+ return EINVAL;
+ }
+
 if (default_user) {
 ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_USER, default_user);
@@ -205,7 +210,7 @@ errno_t sysdb_store_selinux_config(struct sysdb_ctx *sysdb,
 goto done;
 }
- ret = sysdb_store_selinux_entity(sysdb, attrs, SELINUX_CONFIG);
+ ret = sysdb_store_selinux_entity(sysdb, attrs, SELINUX_CONFIG);
 done:
 talloc_free(attrs);
 return ret;
@@ -344,7 +349,9 @@ errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx,
 ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs, &msgs_count, &msgs);
- if (ret) {
+ if (ret == ENOENT) {
+ msgs_count = 0;
+ } else if (ret) {
 goto done;
 }
-- cgit
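Review bot: The new `return EINVAL;` in the `!order` check exits `sysdb_store_selinux_config` without going through the `done:` label, which the second hunk of the same function shows is where `talloc_free(attrs)` runs. The check sits directly after what appears to be the allocation-failure test for `attrs`, so on this path `attrs` would stay allocated until its talloc parent is freed, and in a long-running daemon that accumulates on every call with a missing order. Either move the `!order` check above the allocation or replace the early return with `ret = EINVAL; goto done;`. The start of the function is outside the hunk, so the allocation itself is inferred from the `return ENOMEM;` context line.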
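Review bot: In the new `ret == ENOENT` branch of `sysdb_search_selinux_usermap_by_username` only `msgs_count` is reset, while `msgs` and `ret` keep whatever `sysdb_search_entry` left in them. The rest of the function is outside the hunk, so it needs confirming that nothing below touches `msgs` before looking at the count and that `ret` is reassigned before `done`; otherwise the caller could still receive ENOENT. I would write `msgs_count = 0; msgs = NULL;` and add a comment such as `/* No matching usermap is not an error: return an empty list */`. That documents the deliberate success-on-miss behaviour in a function that, judging by the commit message, feeds the choice of the SELinux default user.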