- Fix SELinux context on home directories created with useradd (#217441)

This commit is contained in:
Steve Grubb 2006-11-30 21:52:48 +00:00
parent 1295a7f472
commit 5e8c96ebfa
2 changed files with 52 additions and 1 deletions

View file

@ -0,0 +1,46 @@
diff -rup shadow-4.0.17-orig/src/useradd.c shadow-4.0.17/src/useradd.c
--- shadow-4.0.17-orig/src/useradd.c 2006-11-29 18:31:43.000000000 -0500
+++ shadow-4.0.17/src/useradd.c 2006-11-29 21:38:22.000000000 -0500
@@ -45,6 +45,9 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
#include "chkname.h"
#include "defines.h"
#include "faillog.h"
@@ -1612,6 +1615,9 @@ static void usr_update (void)
*/
static void create_home (void)
{
+ mode_t mode = 0;
+
+ mode = 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK);
if (access (user_home, F_OK)) {
/* XXX - create missing parent directories. --marekm */
if (mkdir (user_home, 0)) {
@@ -1625,9 +1631,19 @@ static void create_home (void)
#endif
fail_exit (E_HOMEDIR);
}
+#ifdef WITH_SELINUX
+ {
+ security_context_t con = NULL;
+
+ if (!matchpathcon(user_home, mode, &con))
+ {
+ setfilecon(user_home, con);
+ freecon(con);
+ }
+ }
+#endif
chown (user_home, user_id, user_gid);
- chmod (user_home,
- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+ chmod (user_home, mode);
home_added++;
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
Only in shadow-4.0.17/src: useradd.c.useradd

View file

@ -5,7 +5,7 @@
Summary: Utilities for managing accounts and shadow password files. Summary: Utilities for managing accounts and shadow password files.
Name: shadow-utils Name: shadow-utils
Version: 4.0.18.1 Version: 4.0.18.1
Release: 4%{?dist} Release: 5%{?dist}
Epoch: 2 Epoch: 2
URL: http://shadow.pld.org.pl/ URL: http://shadow.pld.org.pl/
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@ -23,6 +23,7 @@ Patch7: shadow-4.0.17-exitValues.patch
Patch8: shadow-4.0.17-auditLogging.patch Patch8: shadow-4.0.17-auditLogging.patch
Patch9: shadow-4.0.18.1-gid.patch Patch9: shadow-4.0.18.1-gid.patch
Patch10: shadow-4.0.18.1-overflow.patch Patch10: shadow-4.0.18.1-overflow.patch
Patch11: shadow-4.0.17-useradd.patch
License: BSD License: BSD
Group: System Environment/Base Group: System Environment/Base
@ -63,6 +64,7 @@ cp %{SOURCE3} lib/nscd.c
%patch8 -p1 -b .auditLogging %patch8 -p1 -b .auditLogging
%patch9 -p1 -b .gid %patch9 -p1 -b .gid
%patch10 -p1 -b .overflow %patch10 -p1 -b .overflow
%patch11 -p1 -b .useradd
rm po/*.gmo rm po/*.gmo
rm po/stamp-po rm po/stamp-po
@ -217,6 +219,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/man8/faillog.8* %{_mandir}/*/man8/faillog.8*
%changelog %changelog
* Thu Nov 30 2006 Steve Grubb <sgrubb@redhat.com> 2:4.0.18.1-5
- Fix SELinux context on home directories created with useradd (#217441)
* Tue Nov 14 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-4 * Tue Nov 14 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-4
- fix chpasswd and chgpasswd stack overflow (#213052) - fix chpasswd and chgpasswd stack overflow (#213052)