From 9c124af8868a7d3908c03ec369e28daef17d5f12 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 30 Mar 2010 15:26:58 +0200
Subject: SELinux login management

Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
---
 src/tools/sss_userdel.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src/tools/sss_userdel.c')
diff --git a/src/tools/sss_userdel.c b/src/tools/sss_userdel.c
index e74424d80..464c22e74 100644
--- a/src/tools/sss_userdel.c
+++ b/src/tools/sss_userdel.c
@@ -278,6 +278,15 @@ int main(int argc, const char **argv)
 end_transaction(tctx);
+ /* Set SELinux login context - must be done after transaction is done
+ * b/c libselinux calls getpwnam */
+ ret = del_seuser(tctx->octx->name);
+ if (ret != EOK) {
+ ERROR("Cannot reset SELinux login context\n");
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+
 if (!pc_kick) {
 ret = is_logged_in(tctx, tctx->octx->uid);
 switch(ret) {
-- cgit
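Review bot: The failure branch of the new `del_seuser()` call runs after `end_transaction(tctx)`, so by the time it does `goto fini` the user entry is already removed, yet the tool exits with `EXIT_FAILURE` and skips the `if (!pc_kick)` logged-in check that follows. A mapping left behind this way would presumably apply to a later account created with the same name, which is the case the commit message says deletion is meant to prevent, so the message should state the partial result, e.g. `ERROR("User deleted, but its SELinux login mapping could not be removed\n");`, and it is worth confirming that `del_seuser()` returns `EOK` when the user has no mapping or SELinux is disabled, which is not visible here. The comment above the call says "Set SELinux login context" although the call removes the mapping; `/* Remove SELinux login mapping - must be done after transaction is done` would match the code. `main` starts and ends outside the hunk, so what `fini` cleans up cannot be checked from these lines.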