[Pkg-shadow-devel] packaging next 4.1.3
Nicolas François
nicolas.francois at centraliens.net
Wed Apr 15 23:16:13 UTC 2009
On Wed, Apr 15, 2009 at 02:21:48PM +0200, pvrabec at redhat.com wrote:
> I think the intention was to SET the context of each copied file, because
> selinux file context is not copied.

right. I missed this use case.
When used by usermod, to rename a home directory, it seems better to
keep the SE Linux attributes. I think a parameter will be needed.

> btw. I'm sending a selinux patch, some things we messed up :(

I applied the two patches in 4.1.3.1

> 1. useradd - we always have to call semanage in case the selinux is turned off

There is still something missing.
When selinux_update_mapping() is called but Zflg is not set, *user_selinux
will be '\0' and selinux_update_mapping() becomes a no-op.

What should be the semanage command when a user is added, but no specific
selinux user?
just semanage login -a user_name (i.e. the same without -s user_selinux)

i.e. would the following patch make sense:

Index: src/useradd.c
===================================================================
--- src/useradd.c (révision 2691)
+++ src/useradd.c (copie de travail)
@@ -1699,15 +1699,20 @@
static void selinux_update_mapping (void) {
if (is_selinux_enabled () <= 0) return;
- if (*user_selinux) { /* must be done after passwd write() */
+ /* must be done after passwd write() */
const char *argv[7];
argv[0] = "/usr/sbin/semanage";
argv[1] = "login";
argv[2] = "-a";
+ if (*user_selinux) {
argv[3] = "-s";
argv[4] = user_selinux;
argv[5] = user_name;
argv[6] = NULL;
+ } else {
+ argv[3] = user_name;
+ argv[4] = NULL;
+ }
if (safe_system (argv[0], argv, NULL, 0)) {
fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
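Review bot: In the new else branch ("argv[3] = user_name; argv[4] = NULL;") user_selinux is empty, yet the failure path right after safe_system() still uses the format "the user name %s to %s SELinux user mapping failed", so if user_selinux is what fills the second %s the warning will name an empty SELinux user; a separate message for the case without -s would read correctly. Also, with the "if (*user_selinux) {" line removed, "const char *argv[7];" now comes after the "if (is_selinux_enabled () <= 0) return;" statement, which is a declaration after a statement; moving it to the top of the function avoids that. A short comment on the else branch saying that the mapping is added without -s would document the intent.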
@@ -1718,7 +1723,6 @@
user_name, (unsigned int) user_id, 0);
#endif
}
- }
}
#endif
/*
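Review bot: Removing this closing brace leaves the safe_system() failure block, including the #endif-guarded call ending in "user_name, (unsigned int) user_id, 0);", one nesting level shallower while its lines stay unchanged context, so their indentation no longer matches the brace structure. Re-indent those lines in the same change so the function stays readable and the end of the failure block is easy to see.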
Best Regards,
--
Nekral