From 01f78f755fde63997ccfded71fb8395569b11430 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 13 Feb 2015 17:57:35 +0100 Subject: selinux: Delete existing user mapping on empty default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://fedorahosted.org/sssd/ticket/2587 The case of SELinux default user mapping being an empty string is valid, it should translate into "pick the default context on the target machine". In case the context is empty, we need to delete the per-user mapping from the SELinux database to make sure the default is used. Reviewed-by: Michal Židek Reviewed-by: Pavel Reichl
---
 src/providers/ipa/ipa_selinux.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'src/providers/ipa/ipa_selinux.c')
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 4286eb163..50ff84056 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -749,7 +749,7 @@ static errno_t choose_best_seuser(TALLOC_CTX *mem_ctx,
 /* If no maps match, we'll use the default SELinux user from the
 * config */
- seuser_mls_str = talloc_strdup(tmp_ctx, default_user);
+ seuser_mls_str = talloc_strdup(tmp_ctx, default_user ? default_user : "");
 if (seuser_mls_str == NULL) {
 ret = ENOMEM;
 goto done;
@@ -1373,11 +1373,13 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
 return ENOMEM;
 }
- ret = sysdb_attrs_add_string(state->defaults,
- IPA_CONFIG_SELINUX_DEFAULT_USER_CTX,
- default_user);
- if (ret != EOK) {
- return ret;
+ if (default_user) {
+ ret = sysdb_attrs_add_string(state->defaults,
+ IPA_CONFIG_SELINUX_DEFAULT_USER_CTX,
+ default_user);
+ if (ret != EOK) {
+ return ret;
+ }
 }
 ret = sysdb_attrs_add_string(state->defaults,
-- cgit
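Review bot: In the first hunk (choose_best_seuser) the context comment still says the default SELinux user from the config is used, but with the new `default_user ? default_user : ""` a NULL default becomes an empty string, which per the commit message ends in the per-user mapping being deleted. That folds "attribute absent" and "explicitly empty" into one case, so a default that is missing for some other reason (presumably an incomplete lookup or cache) would also move the user to the target machine's default context. I would update the comment to something like `/* No map matched: use the configured default; NULL or "" means remove the per-user mapping so the target's default context applies */` and add a debug message at that point when the fallback is empty. The function body starts and ends outside the hunk, so how the empty string is consumed is not visible here.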
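Review bot: In the second hunk (ipa_get_selinux_maps_offline) the new `if (default_user)` skips the attribute silently, so an offline run with no cached default leaves no trace that the default was unset, even though, per the commit message, that state later decides whether a user's SELinux mapping is removed. A debug line in an else branch would make that decision auditable, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "No default SELinux user in cache\n");`. As a style point, the first hunk's context compares explicitly (`seuser_mls_str == NULL`), so `if (default_user != NULL) {` would match. The function continues outside the hunk.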