diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2020-08-03 20:18:11 +0200 |
|---|---|---|
| committer | Tomáš Mráz <tmraz@redhat.com> | 2020-08-05 16:30:03 +0200 |
| commit | 1bdc5b65e7ff7754a414047cb987e44e25907b5b (patch) | |
| tree | aaf03b8d4974dbf2eeb716958c1e5bd25ede177e | |
| parent | b6edb24f87091104afd89cb53c6dd13be4ffeee1 (diff) | |
| download | pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.gz pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.bz2 pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.zip | |
pam_xauth: skip context translation
The retrieved context is just passed to libselinux functions and not
printed or otherwise made available to the outside, so a context
translation to human readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
| -rw-r--r-- | modules/pam_xauth/pam_xauth.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 966b1b09..03f8dc78 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -532,7 +532,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, xauth, "-f", cookiefile, "nlist", display, NULL) == 0) { #ifdef WITH_SELINUX - char *context = NULL; + char *context_raw = NULL; #endif PAM_MODUTIL_DEF_PRIVS(privs); @@ -626,16 +626,16 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (is_selinux_enabled() > 0) { struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); if (ctx != NULL) { - if (selabel_lookup(ctx, &context, - xauthority + sizeof(XAUTHENV), S_IFREG) != 0) { + if (selabel_lookup_raw(ctx, &context_raw, + xauthority + sizeof(XAUTHENV), S_IFREG) != 0) { pam_syslog(pamh, LOG_WARNING, "could not get SELinux label for '%s'", xauthority + sizeof(XAUTHENV)); } selabel_close(ctx); - if (setfscreatecon(context)) { + if (setfscreatecon_raw(context_raw)) { pam_syslog(pamh, LOG_WARNING, - "setfscreatecon(%s) failed: %m", context); + "setfscreatecon_raw(%s) failed: %m", context_raw); } } } @@ -646,9 +646,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, "error creating temporary file `%s': %m", xauthority + sizeof(XAUTHENV)); #ifdef WITH_SELINUX - if (context != NULL) { - free(context); - setfscreatecon(NULL); + if (context_raw != NULL) { + free(context_raw); + setfscreatecon_raw(NULL); } #endif /* WITH_SELINUX */ if (fd >= 0) |