[Pkg-shadow-commits] r2688 - in upstream/trunk: . src

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Wed Apr 15 17:42:27 UTC 2009


Author: nekral-guest
Date: 2009-04-15 17:42:27 +0000 (Wed, 15 Apr 2009)
New Revision: 2688

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/vipw.c
Log:
	* NEWS, src/vipw.c: SE Linux: Set the default context to the
	context of the file being edited. This ensures that the backup
	file inherits the file's context.

Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2009-04-14 22:38:33 UTC (rev 2687)
+++ upstream/trunk/ChangeLog	2009-04-15 17:42:27 UTC (rev 2688)
@@ -1,3 +1,9 @@
+2009-04-15  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* NEW, src/vipw.c: SE Linux: Set the default context to the
+	context of the file being edited. This ensures that the backup
+	file inherit from the file's context.
+
 2009-04-14  Nicolas François  <nicolas.francois at centraliens.net>
 
 	* man/usermod.8.xml: There are no default values for --inactive

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2009-04-14 22:38:33 UTC (rev 2687)
+++ upstream/trunk/NEWS	2009-04-15 17:42:27 UTC (rev 2688)
@@ -1,5 +1,12 @@
 $Id$
 
+shadow-4.1.3 -> shadow-4.1.3.1						UNRELEASED
+
+- vipw
+  * SE Linux: Set the default context to the context of the file being
+    edited. This ensures that the backup file inherit from the file's
+    context.
+
 shadow-4.1.2.2 -> shadow-4.1.3						2009-04-12
 
 *** general:

Modified: upstream/trunk/src/vipw.c
===================================================================
--- upstream/trunk/src/vipw.c	2009-04-14 22:38:33 UTC (rev 2687)
+++ upstream/trunk/src/vipw.c	2009-04-15 17:42:27 UTC (rev 2688)
@@ -45,6 +45,10 @@
 #include "sgroupio.h"
 #include "shadowio.h"
 
+#ifdef WITH_SELINUX                                                            
+#include <selinux/selinux.h>                                                   
+#endif
+
 #define MSG_WARN_EDIT_OTHER_FILE _( \
 	"You have modified %s.\n"\
 	"You may need to modify %s for consistency.\n"\
@@ -189,6 +193,22 @@
 	if (access (file, F_OK) != 0) {
 		vipwexit (file, 1, 1);
 	}
+#ifdef WITH_SELINUX
+	/* if SE Linux is enabled then set the context of all new files
+	   to be the context of the file we are editing */
+	if (is_selinux_enabled ()) {
+		security_context_t passwd_context=NULL;
+		int ret = 0;
+		if (getfilecon (file, &passwd_context) < 0) {
+			vipwexit (_("Couldn't get file context"), errno, 1);
+		}
+		ret = setfscreatecon (passwd_context);
+		freecon (passwd_context);
+		if (0 != ret) {
+			vipwexit (_("setfscreatecon () failed"), errno, 1);
+		}
+	}
+#endif
 	if (file_lock () == 0) {
 		vipwexit (_("Couldn't lock file"), errno, 5);
 	}
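Review bot: `if (is_selinux_enabled ())` also takes the branch on a negative return, which libselinux has documented as its error result, so a failed status query would be handled as "enabled"; `if (is_selinux_enabled () > 0)` limits the block to the enabled case, and the same test recurs in the reset block of the next hunk. Separately, `freecon (passwd_context)` runs between `setfscreatecon ()` and the `errno` read in the failure branch, so the value handed to vipwexit may no longer be the one setfscreatecon set. Saving it right after the call (`int err = errno;`) and passing `err` keeps the report accurate. The enclosing function starts and ends outside this hunk.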
@@ -260,6 +280,14 @@
 	if (st1.st_mtime == st2.st_mtime) {
 		vipwexit (0, 0, 0);
 	}
+#ifdef WITH_SELINUX                                                            
+	/* unset the fscreatecon */                                             
+	if (is_selinux_enabled ()) {
+		if (setfscreatecon (NULL)) {
+			vipwexit (_("setfscreatecon() failed"), errno, 1);
+		}
+	}
+#endif
 
 	/*
 	 * XXX - here we should check fileedit for errors; if there are any,
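Review bot: The failure string here is `"setfscreatecon() failed"`, while the block added before `file_lock ()` uses `"setfscreatecon () failed"`, so translators get two msgids for one message; the same literal should be used in both places. The reset also sits after the `st1.st_mtime == st2.st_mtime` early exit, so the unchanged-file path leaves without clearing the creation context. That is presumably harmless if vipwexit ends the process, which is not visible here, but a comment such as `/* reset so files created from here on get the default context */` would record why the reset sits at this point. The `#ifdef` and comment lines carry trailing whitespace, as do the two added include lines in the first vipw.c hunk. The enclosing function starts and ends outside this hunk.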



