From 8f78b6442f3176ee43aa06704a3adb9f4ac625d6 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 27 Jan 2015 11:12:18 +0100
Subject: SELINUX: Set and reset umask when caling set_seuser from deamon code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://fedorahosted.org/sssd/ticket/2563

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 src/util/util.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/util')

diff --git a/src/util/util.h b/src/util/util.h
index 4ee9bad11..22d6ef0a4 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -640,6 +640,10 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 errno_t restore_creds(struct sss_creds *saved_creds);
 
 /* from sss_semanage.c */
+/* Please note that libsemange relies on files and directories created with
+ * certain permissions. Therefore the caller should make sure the umask is
+ * not too restricted (especially when called from the daemon code).
+ */
 int set_seuser(const char *login_name, const char *seuser_name,
                const char *mlsrange);
 int del_seuser(const char *login_name);
-- 
cgit