From 8a1e92aff17be6266d0dc89321082e062af05832 Mon Sep 17 00:00:00 2001
From: ikerexxe
Date: Wed, 5 Feb 2020 15:04:39 +0100
Subject: [PATCH] useradd: generate /var/spool/mail/$USER with the proper SELinux user identity
Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527
---
 src/useradd.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/useradd.c b/src/useradd.c
index a679392d..645d4a40 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -190,6 +190,7 @@ static bool home_added = false;
 #define E_NAME_IN_USE 9 /* username already in use */
 #define E_GRP_UPDATE 10 /* can't update group file */
 #define E_HOMEDIR 12 /* can't create home directory */
+#define E_MAILBOXFILE 13 /* can't create mailbox file */
 #define E_SE_UPDATE 14 /* can't update SELinux user mapping */
 #ifdef ENABLE_SUBIDS
 #define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
@@ -2210,6 +2211,16 @@ static void create_mail (void)
 sprintf (file, "%s/%s/%s", prefix, spool, user_name);
 else
 sprintf (file, "%s/%s", spool, user_name);
+
+#ifdef WITH_SELINUX
+ if (set_selinux_file_context (file) != 0) {
+ fprintf (stderr,
+ _("%s: cannot set SELinux context for mailbox file %s\n"),
+ Prog, file);
+ fail_exit (E_MAILBOXFILE);
+ }
+#endif
+
 fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
 if (fd < 0) {
 perror (_("Creating mailbox file"));
@@ -2234,6 +2245,15 @@ static void create_mail (void)
 fsync (fd);
 close (fd);
+#ifdef WITH_SELINUX
+ /* Reset SELinux to create files with default contexts */
+ if (reset_selinux_file_context () != 0) {
+ fprintf (stderr,
+ _("%s: cannot reset SELinux file creation context\n"),
+ Prog);
+ fail_exit (E_MAILBOXFILE);
+ }
+#endif
 }
 }
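Review bot: The new exit status `E_MAILBOXFILE 13` introduced in the first hunk is user-visible, yet the diffstat shows only src/useradd.c changing; if the useradd man page's EXIT VALUES list does not already carry 13, it should gain an entry worded like the define's comment, `13  can't create mailbox file`, so scripts checking useradd's status can tell this failure from the other codes. The value fills the gap between 12 and 14, which is presumably why it was chosen, but nothing in the hunk shows whether 13 was previously reserved.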
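Review bot: In the second hunk, once `set_selinux_file_context (file)` has succeeded, the pre-existing `if (fd < 0) { perror (_("Creating mailbox file")); return; }` branch three lines below leaves create_mail without ever calling `reset_selinux_file_context ()`, because the reset added in the third hunk sits after the `close (fd)` and is reached only on the success path; per that hunk's own comment, anything useradd creates after such an early return would then not get its default context. The early-return branch should reset the context before `return;`, under the same `#ifdef WITH_SELINUX` and with the same error reporting as the reset at the end of the function. Note also that the new label failure is fatal (`fail_exit (E_MAILBOXFILE)`) while the adjacent open() failure has always been best-effort (perror and return), so a spool file that cannot be labelled now aborts the run whereas one that cannot be created does not; if that asymmetry is intended it deserves a sentence in the commit message. create_mail begins before this hunk and ends after it.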