[Pkg-shadow-commits] r3650 - in upstream/trunk: . man src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Mon Nov 21 22:02:15 UTC 2011
Author: nekral-guest
Date: 2011-11-21 22:02:15 +0000 (Mon, 21 Nov 2011)
New Revision: 3650
Modified:
upstream/trunk/ChangeLog
upstream/trunk/man/useradd.8.xml
upstream/trunk/man/usermod.8.xml
upstream/trunk/src/useradd.c
upstream/trunk/src/usermod.c
Log:
* src/usermod.c, man/usermod.8.xml: usermod -Z "" removes the
SELinux user mapping for the modified user.
* src/useradd.c: Zflg is #defined as user_selinux non empty.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2011-11-21 19:34:22 UTC (rev 3649)
+++ upstream/trunk/ChangeLog 2011-11-21 22:02:15 UTC (rev 3650)
@@ -1,3 +1,9 @@
+2011-11-21 Nicolas François <nicolas.francois at centraliens.net>
+
+ * src/usermod.c, man/usermod.8.xml: usermod -Z "" removes the
+ SELinux user mapping for the modified user.
+ * src/useradd.c: Zflg is #defined as user_selinux non empty.
+
2011-11-21 Peter Vrabec <pvrabec at redhat.com>
* libmisc/copydir.c: Ignore errors to copy ACLs if the operation
Modified: upstream/trunk/man/useradd.8.xml
===================================================================
--- upstream/trunk/man/useradd.8.xml 2011-11-21 19:34:22 UTC (rev 3649)
+++ upstream/trunk/man/useradd.8.xml 2011-11-21 22:02:15 UTC (rev 3650)
@@ -507,7 +507,7 @@
<para>
The SELinux user for the user's login. The default is to leave this
field blank, which causes the system to select the default SELinux
- user.
+ user.
</para>
</listitem>
</varlistentry>
Modified: upstream/trunk/man/usermod.8.xml
===================================================================
--- upstream/trunk/man/usermod.8.xml 2011-11-21 19:34:22 UTC (rev 3649)
+++ upstream/trunk/man/usermod.8.xml 2011-11-21 22:02:15 UTC (rev 3650)
@@ -377,10 +377,13 @@
</term>
<listitem>
<para>
- The SELinux user for the user's login. The default is to leave
- this field the blank, which causes the system to select the
- default SELinux user.
+ The new SELinux user for the user's login.
</para>
+ <para>
+ A blank <replaceable>SEUSER</replaceable> will remove the
+ SELinux user mapping for user <replaceable>LOGIN</replaceable>
+ (if any).
+ </para>
</listitem>
</varlistentry>
</variablelist>
Modified: upstream/trunk/src/useradd.c
===================================================================
--- upstream/trunk/src/useradd.c 2011-11-21 19:34:22 UTC (rev 3649)
+++ upstream/trunk/src/useradd.c 2011-11-21 22:02:15 UTC (rev 3650)
@@ -111,7 +111,7 @@
static const char *user_shell = "";
static const char *create_mail_spool = "";
#ifdef WITH_SELINUX
-static const char *user_selinux = "";
+static /*@notnull@*/const char *user_selinux = "";
#endif /* WITH_SELINUX */
static long user_expire = -1;
@@ -145,12 +145,13 @@
oflg = false, /* permit non-unique user ID to be specified with -u */
rflg = false, /* create a system account */
sflg = false, /* shell program for new account */
-#ifdef WITH_SELINUX
- Zflg = false, /* new selinux user */
-#endif /* WITH_SELINUX */
uflg = false, /* specify user ID for new account */
Uflg = false; /* create a group having the same name as the user */
+#ifdef WITH_SELINUX
+#define Zflg ('\0' != *user_selinux)
+#endif /* WITH_SELINUX */
+
static bool home_added = false;
/*
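Review bot: The `Zflg` macro added after the flag list has no comment, unlike every sibling flag, and it reads like a variable while actually dereferencing `user_selinux` on each use. A comment above the `#define`, such as `/* Zflg: -Z was given a non-empty SELinux user (derived from user_selinux, not assignable) */`, would make it clear that `useradd -Z ""` is treated as if -Z were absent. The `/*@notnull@*/` annotation on `user_selinux` is only a static-analysis hint, so the macro depends on every assignment keeping the pointer non-NULL. The only assignment visible in this diff is `user_selinux = optarg;` in the `-Z` case.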
@@ -1214,7 +1215,6 @@
case 'Z':
if (is_selinux_enabled () > 0) {
user_selinux = optarg;
- Zflg = true;
} else {
fprintf (stderr,
_("%s: -Z requires SELinux enabled kernel\n"),
@@ -2058,7 +2058,7 @@
close_files ();
#ifdef WITH_SELINUX
- if (Zflg && ('\0' != *user_selinux)) {
+ if (Zflg) {
if (set_seuser (user_name, user_selinux) != 0) {
fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Modified: upstream/trunk/src/usermod.c
===================================================================
--- upstream/trunk/src/usermod.c 2011-11-21 19:34:22 UTC (rev 3649)
+++ upstream/trunk/src/usermod.c 2011-11-21 22:02:15 UTC (rev 3650)
@@ -1890,17 +1890,33 @@
nscd_flush_cache ("group");
#ifdef WITH_SELINUX
- if (Zflg && *user_selinux) {
- if (set_seuser (user_name, user_selinux) != 0) {
- fprintf (stderr,
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
- Prog, user_name, user_selinux);
+ if (Zflg) {
+ if ('\0' != *user_selinux) {
+ if (set_seuser (user_name, user_selinux) != 0) {
+ fprintf (stderr,
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
+ Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying User mapping ",
- user_name, (unsigned int) user_id, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "modifying User mapping ",
+ user_name, (unsigned int) user_id,
+ SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
- fail_exit (E_SE_UPDATE);
+ fail_exit (E_SE_UPDATE);
+ }
+ } else {
+ if (del_seuser (user_name) != 0) {
+ fprintf (stderr,
+ _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
+ Prog, user_name);
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+ "removing SELinux user mapping",
+ user_name, (unsigned int) user_id,
+ SHADOW_AUDIT_FAILURE);
+#endif /* WITH_AUDIT */
+ fail_exit (E_SE_UPDATE);
+ }
}
}
#endif /* WITH_SELINUX */
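Review bot: The new `del_seuser` failure path is audited as `AUDIT_ADD_USER`, while the `set_seuser` path just above uses `AUDIT_USER_CHAUTHTOK` for the same kind of change. A failed mapping removal by usermod will therefore be filed under the add-user event type when audit logs are searched. Using one type in both branches, e.g. `audit_logger (AUDIT_USER_CHAUTHTOK, Prog,` in the removal path, keeps SELinux mapping changes findable with a single query. Within this hunk only the failure paths emit an audit record, so a successful mapping change or removal appears to leave no audit trace unless it is logged outside the visible lines. The enclosing function starts and ends outside the hunk.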