selinux: Do not fail if SELinux is not managed

Previously we failed if semanage_is_managed returned 0 or -1 (not
managed or error). With this patch we only fail in case of error and
continue normally if selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c
index 380005c7a..f8dd3954a 100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -174,14 +174,19 @@ static bool seuser_needs_update(struct input_buffer *ibuf)
 
     ret = get_seuser(ibuf, ibuf->username, &db_seuser, &db_mls_range);
     DEBUG(SSSDBG_TRACE_INTERNAL,
-          "get_seuser: ret: %d seuser: %s mls: %s\n",
-          ret, db_seuser ? db_seuser : "unknown",
+          "get_seuser: ret: %d msg: [%s] seuser: %s mls: %s\n",
+          ret, sss_strerror(ret),
+          db_seuser ? db_seuser : "unknown",
           db_mls_range ? db_mls_range : "unknown");
     if (ret == EOK && db_seuser && db_mls_range &&
             strcmp(db_seuser, ibuf->seuser) == 0 &&
             strcmp(db_mls_range, ibuf->mls_range) == 0) {
         needs_update = false;
     }
+    /* OR */
+    if (ret == ERR_SELINUX_NOT_MANAGED) {
+        needs_update = false;
+    }
 
     talloc_free(db_seuser);
     talloc_free(db_mls_range);