* NEW, src/vipw.c: SE Linux: Set the default context to the
context of the file being edited. This ensures that the backup file inherits the file's context.
@@ -1,3 +1,9 @@
|
|||||||
|
2009-04-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* NEW, src/vipw.c: SE Linux: Set the default context to the
|
||||||
|
context of the file being edited. This ensures that the backup
|
||||||
|
file inherit from the file's context.
|
||||||
|
|
||||||
2009-04-14 Nicolas François <nicolas.francois@centraliens.net>
|
2009-04-14 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* man/usermod.8.xml: There are no default values for --inactive
|
* man/usermod.8.xml: There are no default values for --inactive
|
||||||
|
7
NEWS
7
NEWS
@@ -1,5 +1,12 @@
|
|||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
|
shadow-4.1.3 -> shadow-4.1.3.1 UNRELEASED
|
||||||
|
|
||||||
|
- vipw
|
||||||
|
* SE Linux: Set the default context to the context of the file being
|
||||||
|
edited. This ensures that the backup file inherit from the file's
|
||||||
|
context.
|
||||||
|
|
||||||
shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12
|
shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
|
28
src/vipw.c
28
src/vipw.c
@@ -45,6 +45,10 @@
|
|||||||
#include "sgroupio.h"
|
#include "sgroupio.h"
|
||||||
#include "shadowio.h"
|
#include "shadowio.h"
|
||||||
|
|
||||||
|
#ifdef WITH_SELINUX
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MSG_WARN_EDIT_OTHER_FILE _( \
|
#define MSG_WARN_EDIT_OTHER_FILE _( \
|
||||||
"You have modified %s.\n"\
|
"You have modified %s.\n"\
|
||||||
"You may need to modify %s for consistency.\n"\
|
"You may need to modify %s for consistency.\n"\
|
||||||
@@ -189,6 +193,22 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
|
|||||||
if (access (file, F_OK) != 0) {
|
if (access (file, F_OK) != 0) {
|
||||||
vipwexit (file, 1, 1);
|
vipwexit (file, 1, 1);
|
||||||
}
|
}
|
||||||
|
#ifdef WITH_SELINUX
|
||||||
|
/* if SE Linux is enabled then set the context of all new files
|
||||||
|
to be the context of the file we are editing */
|
||||||
|
if (is_selinux_enabled ()) {
|
||||||
|
security_context_t passwd_context=NULL;
|
||||||
|
int ret = 0;
|
||||||
|
if (getfilecon (file, &passwd_context) < 0) {
|
||||||
|
vipwexit (_("Couldn't get file context"), errno, 1);
|
||||||
|
}
|
||||||
|
ret = setfscreatecon (passwd_context);
|
||||||
|
freecon (passwd_context);
|
||||||
|
if (0 != ret) {
|
||||||
|
vipwexit (_("setfscreatecon () failed"), errno, 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (file_lock () == 0) {
|
if (file_lock () == 0) {
|
||||||
vipwexit (_("Couldn't lock file"), errno, 5);
|
vipwexit (_("Couldn't lock file"), errno, 5);
|
||||||
}
|
}
|
||||||
@@ -260,6 +280,14 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
|
|||||||
if (st1.st_mtime == st2.st_mtime) {
|
if (st1.st_mtime == st2.st_mtime) {
|
||||||
vipwexit (0, 0, 0);
|
vipwexit (0, 0, 0);
|
||||||
}
|
}
|
||||||
|
#ifdef WITH_SELINUX
|
||||||
|
/* unset the fscreatecon */
|
||||||
|
if (is_selinux_enabled ()) {
|
||||||
|
if (setfscreatecon (NULL)) {
|
||||||
|
vipwexit (_("setfscreatecon() failed"), errno, 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* XXX - here we should check fileedit for errors; if there are any,
|
* XXX - here we should check fileedit for errors; if there are any,
|
||||||
|
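Review bot: In the block added after the `access (file, F_OK)` check, `freecon (passwd_context)` runs between `setfscreatecon ()` and the `vipwexit (..., errno, 1)` that reports its failure, so the errno shown may no longer be the one setfscreatecon set; capture it first, e.g. `ret = setfscreatecon (passwd_context); err = errno; freecon (passwd_context);`, and pass `err`. Both added blocks also test `if (is_selinux_enabled ())`, which treats a negative error return the same as "enabled"; libselinux has documented -1 on error, so `is_selinux_enabled () > 0` is the safer test. The two failure messages differ only by a space (`setfscreatecon () failed` vs `setfscreatecon() failed`), which gives translators two msgids for one message. vipwedit starts and ends outside these hunks, so where the edit and backup files are created relative to the `setfscreatecon (NULL)` reset is not visible here and is worth confirming against the stated intent.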