- Fix SELinux context on home directories created with useradd (#217441)

2006-11-30 21:52:48 +00:00 · 2006-11-30 21:52:48 +00:00 · 5e8c96ebfa
commit 5e8c96ebfa
parent 1295a7f472
2 changed files with 52 additions and 1 deletions
--- a/shadow-4.0.17-useradd.patch
+++ b/shadow-4.0.17-useradd.patch
@ -0,0 +1,46 @@
+diff -rup shadow-4.0.17-orig/src/useradd.c shadow-4.0.17/src/useradd.c
+--- shadow-4.0.17-orig/src/useradd.c	2006-11-29 18:31:43.000000000 -0500
+++ shadow-4.0.17/src/useradd.c	2006-11-29 21:38:22.000000000 -0500
+@@ -45,6 +45,9 @@
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <time.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+ #include "chkname.h"
+ #include "defines.h"
+ #include "faillog.h"
+@@ -1612,6 +1615,9 @@ static void usr_update (void)
+  */
+ static void create_home (void)
+ {
+        mode_t mode = 0;
+
+        mode = 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK);
+ 	if (access (user_home, F_OK)) {
+ 		/* XXX - create missing parent directories.  --marekm */
+ 		if (mkdir (user_home, 0)) {
+@@ -1625,9 +1631,19 @@ static void create_home (void)
+ #endif
+ 			fail_exit (E_HOMEDIR);
+ 		}
+#ifdef WITH_SELINUX
+                {
+                        security_context_t con = NULL;
+
+                        if (!matchpathcon(user_home, mode, &con))
+                        {
+                                setfilecon(user_home, con);
+                                freecon(con);
+                        }
+                }
+#endif
+ 		chown (user_home, user_id, user_gid);
+-		chmod (user_home,
+-		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+		chmod (user_home, mode);
+ 		home_added++;
+ #ifdef WITH_AUDIT
+ 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+Only in shadow-4.0.17/src: useradd.c.useradd
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -5,7 +5,7 @@
 Summary: Utilities for managing accounts and shadow password files.
 Name: shadow-utils
 Version: 4.0.18.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 2
 URL: http://shadow.pld.org.pl/
 Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@ -23,6 +23,7 @@ Patch7: shadow-4.0.17-exitValues.patch
 Patch8: shadow-4.0.17-auditLogging.patch
 Patch9: shadow-4.0.18.1-gid.patch
 Patch10: shadow-4.0.18.1-overflow.patch
+Patch11: shadow-4.0.17-useradd.patch

 License: BSD
 Group: System Environment/Base
@ -63,6 +64,7 @@ cp %{SOURCE3} lib/nscd.c
 %patch8 -p1 -b .auditLogging
 %patch9 -p1 -b .gid
 %patch10 -p1 -b .overflow
+%patch11 -p1 -b .useradd

 rm po/*.gmo
 rm po/stamp-po
@ -217,6 +219,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/man8/faillog.8*

 %changelog
+* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 2:4.0.18.1-5
+- Fix SELinux context on home directories created with useradd (#217441)
+
 * Tue Nov 14 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-4
 - fix chpasswd and chgpasswd stack overflow (#213052)