From ecc95c053abb32c6170f0b069c9ea610357cb9d5 Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Thu, 11 Apr 2013 07:12:47 -0400
Subject: sssd fails with readonly SELinux login files
Do not try to remove SELinux login file if SELinux support is not available.
https://fedorahosted.org/sssd/ticket/1868
---
 src/responder/pam/pamsrv_cmd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/responder')
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 94de4df5f..a180a8f1d 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -514,6 +514,7 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
 int i, j;
 size_t order_count;
 size_t len = 0;
+ bool selinux_support = false;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -537,6 +538,8 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
 } else if (ret != EOK) {
 goto done;
 }
+ /* Now we know that SELinux support is available */
+ selinux_support = true;
 default_user = ldb_msg_find_attr_as_string(config,
 SYSDB_SELINUX_DEFAULT_USER,
@@ -642,7 +645,7 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
 ret = write_selinux_login_file(pd->user, file_content);
 done:
- if (!file_content) {
+ if (!file_content && selinux_support) {
 err = remove_selinux_login_file(pd->user);
 /* Don't overwrite original error condition if there was one */
 if (ret == EOK) ret = err;
-- cgit
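Review bot: The comment on the added `selinux_support = true;` claims more than the code has established at that point. All that is known there is that the preceding lookup did not take the `ret != EOK` branch; the call itself sits above the hunk, so what it checks is not visible. Nothing here tests whether the host can actually write or remove the login file. I would word it as `/* The SELinux config lookup succeeded; cleanup at done: may touch the login file */` so a later reader does not take the flag for a check of the host's SELinux state. The function body starts and ends outside the hunk.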
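Review bot: The new `&& selinux_support` guard at `done:` also skips the removal on every error exit taken before the flag is set, including the `else if (ret != EOK) { goto done; }` path in the second hunk. Before this change those exits removed the login file for `pd->user`, so a mapping written by an earlier login can now survive a failed lookup and remain in effect. If the skip is meant only for the case where no SELinux configuration exists, and that path reaches `done:` with `ret == EOK` (not visible here), then `if (!file_content && (selinux_support || ret != EOK)) {` would keep the cleanup on real errors. In either case, a debug message when the removal is skipped would make a leftover file traceable.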