[Pkg-shadow-devel] Bug#491907: passwd: patch needed for SE Linux support in vipw/vigr
Russell Coker
russell at coker.com.au
Tue Jul 22 10:40:18 UTC 2008
Package: passwd
Version: 1:4.1.1-2
Severity: important
Currently vipw and vigr will set the wrong SE Linux security context on
/etc/passwd and /etc/group respectively. The following patch fixes this:
--- /tmp/vipw.c 2008-07-22 20:15:12.000000000 +1000
+++ ./vipw.c 2008-07-22 20:38:20.000000000 +1000
@@ -42,6 +42,10 @@
#include "sgroupio.h"
#include "shadowio.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define MSG_WARN_EDIT_OTHER_FILE _( \
"You have modified %s.\n"\
"You may need to modify %s for consistency.\n"\
@@ -167,6 +171,20 @@
if (access (file, F_OK))
vipwexit (file, 1, 1);
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ to be the context of the file we are editing */
+ if (is_selinux_enabled()) {
+ security_context_t passwd_context=NULL;
+ int ret=0;
+ if (getfilecon(file,&passwd_context) < 0)
+ vipwexit (_("Couldn't get file context"), errno, 1);
+ ret = setfscreatecon(passwd_context);
+ freecon(passwd_context);
+ if (ret != 0)
+ vipwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+#endif
if (!file_lock ())
vipwexit (_("Couldn't lock file"), errno, 5);
filelocked = 1;
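Review bot: `if (is_selinux_enabled())` in the added block treats the library's error return of -1 as "enabled", so a failed status query still goes on to call `getfilecon()`; compare explicitly with `if (is_selinux_enabled () > 0) {`, and do the same in the reset block of the last hunk. `freecon(passwd_context)` also runs between `setfscreatecon()` and the `errno` handed to `vipwexit`, so the reported error may not be the one `setfscreatecon()` set; capture it straight after the call, e.g. `int err = errno;`, and pass `err`. The context is read by path before `file_lock ()` is taken, so the file could in principle be replaced between the two steps; reading it after the lock succeeds would close that window, provided the failure path then releases the lock. The enclosing function starts and ends outside this hunk, so that last point needs checking against the full file.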
@@ -236,6 +254,12 @@
progname, file, strerror (errno), fileedit);
vipwexit (0, 0, 1);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled())
+ if(setfscreatecon(NULL))
+ vipwexit (_("setfscreatecon() failed"), errno, 1);
+#endif
(*file_unlock) ();
}
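Review bot: The creation-context reset sits before `(*file_unlock) ()`, so a failing `setfscreatecon(NULL)` exits through `vipwexit` while the lock is still held, unless `vipwexit` releases it itself, which is not visible in this hunk. The edit appears to be finished by this point, so it is worth confirming that a reset failure here should abort with status 1 rather than only warn. The unbraced nested `if` is also easy to misread next to the surrounding braced code; write the inner test as `if (setfscreatecon (NULL) != 0) {` with braces on both levels. The enclosing function begins outside the hunk.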