From dc051ece278c693a671fd6e8f2576e9e36ff713a Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Mon, 25 Feb 2013 14:19:19 +0100
Subject: if selinux is disabled, ignore that selogin dir is missing

https://fedorahosted.org/sssd/ticket/1817
---
 src/responder/pam/pamsrv_cmd.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'src/responder/pam/pamsrv_cmd.c')

diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index bd08fed87..94de4df5f 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -378,6 +378,7 @@ static errno_t write_selinux_login_file(const char *username, char *string)
     mode_t oldmask;
     TALLOC_CTX *tmp_ctx;
     char *full_string = NULL;
+    int enforce;
     errno_t ret = EOK;
 
     len = strlen(string);
@@ -405,11 +406,22 @@ static errno_t write_selinux_login_file(const char *username, char *string)
 
     oldmask = umask(022);
     fd = mkstemp(tmp_path);
+    ret = errno;
     umask(oldmask);
     if (fd < 0) {
-        DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file for SELinux "
-                                  "data failed. %s", tmp_path));
-        ret = EIO;
+        if (ret == ENOENT) {
+            /* if selinux is disabled and selogin dir does not exist,
+             * just ignore the error */
+            if (selinux_getenforcemode(&enforce) == 0 && enforce == -1) {
+                ret = EOK;
+                goto done;
+            }
+
+            /* continue if we can't get enforce mode or selinux is enabled */
+        }
+
+        DEBUG(SSSDBG_OP_FAILURE, ("unable to create temp file [%s] "
+              "for SELinux data [%d]: %s\n", tmp_path, ret, strerror(ret)));
         goto done;
     }
 
-- 
cgit