Merge pull request #422 from ikerexxe/home_selinux_user

Create the home and mail directories with SELinux user label
Serge Hallyn 2021-10-26 20:08:21 -05:00 committed by GitHub
commit 7d02af944f
4 changed files with 30 additions and 23 deletions


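--- a/PLACEHOLDER_PATH_FILE_1
+++ b/PLACEHOLDER_PATH_FILE_1
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
 /* selinux.c */
 #ifdef WITH_SELINUX
 extern int set_selinux_file_context (const char *dst_name, mode_t mode);
+extern void reset_selinux_handle (void);
 extern int reset_selinux_file_context (void);
 extern int check_selinux_permit (const char *perm_name);
 #endif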


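--- a/PLACEHOLDER_PATH_FILE_2
+++ b/PLACEHOLDER_PATH_FILE_2
@@ -50,6 +50,11 @@ static void cleanup(void)
 }
 }
+void reset_selinux_handle (void)
+{
+cleanup();
+}
 /*
  * set_selinux_file_context - Set the security context before any file or
  * directory creation.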
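Review bot: The new exported `reset_selinux_handle` has no header comment, while the neighbouring `set_selinux_file_context` documents when it must be called; a reader of the header cannot tell why a public wrapper around the file-local `cleanup()` (static per the hunk header) exists or when callers are expected to invoke it. Assuming `cleanup()` releases the cached label handle as its name suggests (its body lies outside the hunk), add a comment in the file's existing style, e.g. `/* reset_selinux_handle - Drop the cached SELinux label handle so that the next set_selinux_file_context() call re-creates it; call after the SELinux user mapping has changed. */`. Since `cleanup()` is static, the wrapper is the only way other translation units can force that re-creation, which is worth stating.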


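--- a/PLACEHOLDER_PATH_FILE_3
+++ b/PLACEHOLDER_PATH_FILE_3
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 }
 ret = 0;
+reset_selinux_handle();
 done:
 semanage_seuser_key_free (key);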
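Review bot: The `reset_selinux_handle();` call sits between `ret = 0;` and `done:` with no explanation of why a semanage seuser update must invalidate the file-context handle, so the coupling between the two modules is invisible at the call site. Add a why-comment above it, e.g. `/* The seuser mapping just committed changes which context matchpathcon/selabel returns for this user's files; drop the cached handle so later set_selinux_file_context() calls see the new mapping. */` (hedged: the handle's contents are not visible in this hunk). Placing the reset only on the success path looks deliberate, since on the error paths the mapping was not committed; a short note to that effect would stop a future reader from moving it under `done:`. set_seuser's body begins outside the hunk.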


@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
usr_update (subuid_count, subgid_count); usr_update (subuid_count, subgid_count);
if (mflg) {
create_home ();
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
_("%s: warning: the home directory %s already exists.\n"
"%s: Not copying any file from skel directory into it.\n"),
Prog, user_home, Prog);
}
}
/* Do not create mail directory for system accounts */
if (!rflg) {
create_mail ();
}
close_files (); close_files ();
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
/* /*
* tallylog_reset needs to be able to lookup * tallylog_reset needs to be able to lookup
* a valid existing user name, * a valid existing user name,
@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
} }
#endif /* WITH_SELINUX */ #endif /* WITH_SELINUX */
if (mflg) {
create_home ();
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
_("%s: warning: the home directory %s already exists.\n"
"%s: Not copying any file from skel directory into it.\n"),
Prog, user_home, Prog);
}
}
/* Do not create mail directory for system accounts */
if (!rflg) {
create_mail ();
}
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
"useradd")) { "useradd")) {
exit(1); exit(1);
} }
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
return E_SUCCESS; return E_SUCCESS;
} }
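Review bot: The `nscd_flush_cache ("passwd")`, `nscd_flush_cache ("group")` and `sssd_flush_cache (…)` calls are now placed after the `run_parts ("/etc/shadow-maint/useradd-post.d", …)` block, whereas before this commit (first hunk of this file) they ran before it; a post-creation hook that resolves the new account through NSS may therefore be answered from a stale or negative cache entry. Unless the hooks are meant to see the pre-flush state, move the three lines so they precede `if (run_parts (…`, i.e. `nscd_flush_cache ("passwd"); nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);` directly after the mail-directory block. The reason the home/mail creation was moved below `#endif /* WITH_SELINUX */` — presumably so the directories are labelled with the SELinux user set just above — is stated only in the PR title; a one-line comment above `if (mflg) {` such as `/* Create home and mail only after the SELinux user mapping is set so they receive the user's label */` would keep that ordering constraint from being undone. Note also that home creation now runs after `close_files ()`, so a failure in `create_home ()` leaves the committed account without a home directory; whether that is acceptable depends on `create_home`'s error handling, which is outside the hunk, as is the start of main().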