From b0f46a3019e0ff4f375ef07682ceb9418751707f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 27 Jan 2015 20:32:33 +0100
Subject: SELINUX: Check the return value of setuid and setgid

Silences a Coverity warning

Reviewed-by: Pavel Reichl <preichl@redhat.com>
---
 src/providers/ipa/selinux_child.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'src/providers/ipa/selinux_child.c')

diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 7297f5ed3..63d4b9297 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -220,11 +220,21 @@ int main(int argc, const char *argv[])
      * We need to switch also the real ID to 0.
      */
     if (getuid() != 0) {
-        setuid(0);
+        ret = setuid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setuid failed: %d, selinux_child might not work!\n", ret);
+        }
     }
 
     if (getgid() != 0) {
-        setgid(0);
+        ret = setgid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setgid failed: %d, selinux_child might not work!\n", ret);
+        }
     }
 
     DEBUG(SSSDBG_TRACE_INTERNAL,
-- 
cgit