[Pkg-shadow-commits] r3272 - in upstream/trunk: . lib libmisc src

Sat Aug 28 19:58:01 UTC 2010

Author: nekral-guest
Date: 2010-08-28 19:58:00 +0000 (Sat, 28 Aug 2010)
New Revision: 3272

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/lib/prototypes.h
   upstream/trunk/libmisc/copydir.c
   upstream/trunk/src/useradd.c
Log:
	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
	selinux_file_context renamed set_selinux_file_context.
	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
	Added reset_selinux_file_context.
	* src/useradd.c: Check the return value of
	set_selinux_file_context and reset_selinux_file_context.
	* libmisc/copydir.c: Check the return value of
	reset_selinux_file_context.


Modified: upstream/trunk/ChangeLog
===================================================================

--- upstream/trunk/ChangeLog	2010-08-28 19:55:31 UTC (rev 3271)
+++ upstream/trunk/ChangeLog	2010-08-28 19:58:00 UTC (rev 3272)
@@ -1,5 +1,16 @@
 2010-08-28  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
+	selinux_file_context renamed set_selinux_file_context.
+	* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
+	Added reset_selinux_file_context.
+	* src/useradd.c: Check the return value of
+	set_selinux_file_context and reset_selinux_file_context.
+	* libmisc/copydir.c: Check the return value of
+	reset_selinux_file_context.
+
+2010-08-28  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/su.c: Fix handling of environment variables when
 	the environment is not changed. In particular, this makes su
 	behave as documented regarding PATH and IFS (i.e. they are reset)

Modified: upstream/trunk/lib/prototypes.h
===================================================================
--- upstream/trunk/lib/prototypes.h	2010-08-28 19:55:31 UTC (rev 3271)
+++ upstream/trunk/lib/prototypes.h	2010-08-28 19:58:00 UTC (rev 3272)
@@ -123,7 +123,8 @@
                       uid_t old_uid, uid_t new_uid,
                       gid_t old_gid, gid_t new_gid);
 #ifdef WITH_SELINUX
-extern int selinux_file_context (const char *dst_name);
+extern int set_selinux_file_context (const char *dst_name);
+extern int reset_selinux_file_context (void);
 #endif
 
 /* encrypt.c */

Modified: upstream/trunk/libmisc/copydir.c
===================================================================
--- upstream/trunk/libmisc/copydir.c	2010-08-28 19:55:31 UTC (rev 3271)
+++ upstream/trunk/libmisc/copydir.c	2010-08-28 19:58:00 UTC (rev 3272)
@@ -55,6 +55,11 @@
 #include <attr/libattr.h>
 #endif				/* WITH_ATTR */
 
+#ifdef WITH_SELINUX
+static bool selinux_checked = false;
+static bool selinux_enabled;
+#endif				/* WITH_SELINUX */
+
 static /*@null@*/const char *src_orig;
 static /*@null@*/const char *dst_orig;
 
@@ -109,20 +114,17 @@
 
 #ifdef WITH_SELINUX
 /*
- * selinux_file_context - Set the security context before any file or
- *                        directory creation.
+ * set_selinux_file_context - Set the security context before any file or
+ *                            directory creation.
  *
- *	selinux_file_context () should be called before any creation of file,
- *	symlink, directory, ...
+ *	set_selinux_file_context () should be called before any creation
+ *	of file, symlink, directory, ...
  *
  *	Callers may have to Reset SELinux to create files with default
- *	contexts:
- *		setfscreatecon (NULL);
+ *	contexts with reset_selinux_file_context
  */
-int selinux_file_context (const char *dst_name)
+int set_selinux_file_context (const char *dst_name)
 {
-	static bool selinux_checked = false;
-	static bool selinux_enabled;
 	/*@null@*/security_context_t scontext = NULL;
 
 	if (!selinux_checked) {
@@ -147,6 +149,27 @@
 	}
 	return 0;
 }
+
+/*
+ * reset_selinux_file_context - Reset the security context to the default
+ *                              policy behavior
+ *
+ *	reset_selinux_file_context () should be called after the context
+ *	was changed with set_selinux_file_context ()
+ */
+int reset_selinux_file_context (void)
+{
+	if (!selinux_checked) {
+		selinux_enabled = is_selinux_enabled () > 0;
+		selinux_checked = true;
+	}
+	if (selinux_enabled) {
+		if (setfscreatecon (NULL) != 0) {
+			return 1;
+		}
+	}
+	return 0;
+}
 #endif				/* WITH_SELINUX */
 
 #if defined(WITH_ACL) || defined(WITH_ATTR)
@@ -373,8 +396,14 @@
 	}
 
 #ifdef WITH_SELINUX
-	/* Reset SELinux to create files with default contexts */
-	if (setfscreatecon (NULL) != 0) {
+	/* Reset SELinux to create files with default contexts.
+	 * Note that the context is only reset on exit of copy_tree (it is
+	 * assumed that the program would quit without needing a restored
+	 * context if copy_tree failed previously), and that copy_tree can
+	 * be called recursively (hence the context is set on the
+	 * sub-functions of copy_entry).
+	 */
+	if (reset_selinux_file_context () != 0) {
 		err = -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -511,7 +540,7 @@
 	 */
 
 #ifdef WITH_SELINUX
-	if (selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst) != 0) {
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -629,7 +658,7 @@
 	}
 
 #ifdef WITH_SELINUX
-	if (selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst) != 0) {
 		free (oldlink);
 		return -1;
 	}
@@ -708,7 +737,7 @@
 	int err = 0;
 
 #ifdef WITH_SELINUX
-	if (selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst) != 0) {
 		return -1;
 	}
 #endif				/* WITH_SELINUX */
@@ -765,7 +794,7 @@
 		return -1;
 	}
 #ifdef WITH_SELINUX
-	if (selinux_file_context (dst) != 0) {
+	if (set_selinux_file_context (dst) != 0) {
 		return -1;
 	}
 #endif				/* WITH_SELINUX */

Modified: upstream/trunk/src/useradd.c
===================================================================
--- upstream/trunk/src/useradd.c	2010-08-28 19:55:31 UTC (rev 3271)
+++ upstream/trunk/src/useradd.c	2010-08-28 19:58:00 UTC (rev 3272)
@@ -1764,7 +1764,9 @@
 {
 	if (access (user_home, F_OK) != 0) {
 #ifdef WITH_SELINUX
-		selinux_file_context (user_home);
+		if (set_selinux_file_context (user_home) != 0) {
+			fail_exit (E_HOMEDIR);
+		}
 #endif
 		/* XXX - create missing parent directories.  --marekm */
 		if (mkdir (user_home, 0) != 0) {
@@ -1791,7 +1793,9 @@
 #endif
 #ifdef WITH_SELINUX
 		/* Reset SELinux to create files with default contexts */
-		setfscreatecon (NULL);
+		if (reset_selinux_file_context () != 0) {
+			fail_exit (E_HOMEDIR);
+		}
 #endif
 	}
 }


