pam_namespace: replace deprecated matchpathcon

The matchpathcon family is deprecated. Use the selabel family.
author: Christian Göttsche <cgzones@googlemail.com> 2020-07-27 20:16:20 +0200
committer: Tomáš Mráz <tmraz@redhat.com> 2020-08-05 16:30:03 +0200
commit: 31682cd25f7add493216e9bca5d33adab617386a (patch)
tree: e8b9dd780f33da70490a155ecb0ed4d3b14fef5b /modules/pam_namespace/pam_namespace.c
parent: 3f5fbf9cee564ad05ff35019dd1000598a6ed075 (diff)
download: pam-31682cd25f7add493216e9bca5d33adab617386a.tar.gz
pam-31682cd25f7add493216e9bca5d33adab617386a.tar.bz2
pam-31682cd25f7add493216e9bca5d33adab617386a.zip
1 files changed, 21 insertions, 13 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 08e3097c..94a2223a 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1319,6 +1319,7 @@ static int create_polydir(struct polydir_s *polyptr,
     int rc;
 #ifdef WITH_SELINUX
     char *dircon, *oldcon = NULL;
+    struct selabel_handle *label_handle;
 #endif
     const char *dir = polyptr->dir;
     uid_t uid;
@@ -1332,20 +1333,27 @@ static int create_polydir(struct polydir_s *polyptr,
 #ifdef WITH_SELINUX
     if (idata->flags & PAMNS_SELINUX_ENABLED) {
 	getfscreatecon(&oldcon);
-        rc = matchpathcon(dir, S_IFDIR, &dircon);
-        if (rc) {
-            pam_syslog(idata->pamh, LOG_NOTICE,
-                       "Unable to get default context for directory %s, check your policy: %m", dir);
-        } else {
-	    if (idata->flags & PAMNS_DEBUG)
-		pam_syslog(idata->pamh, LOG_DEBUG,
-                       "Polydir %s context: %s", dir, (char *)dircon);
-	    if (setfscreatecon(dircon) != 0)
+
+	label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+	if (!label_handle) {
+	    pam_syslog(idata->pamh, LOG_NOTICE,
+                       "Unable to initialize SELinux labeling handle: %m");
+	} else {
+	    rc = selabel_lookup_raw(label_handle, &dircon, dir, S_IFDIR);
+	    if (rc) {
 		pam_syslog(idata->pamh, LOG_NOTICE,
-                       "Error setting context for directory %s: %m", dir);
-	    freecon(dircon);
-        }
-        matchpathcon_fini();
+                       "Unable to get default context for directory %s, check your policy: %m", dir);
+	    } else {
+		if (idata->flags & PAMNS_DEBUG)
+		    pam_syslog(idata->pamh, LOG_DEBUG,
+                               "Polydir %s context: %s", dir, dircon);
+		if (setfscreatecon_raw(dircon) != 0)
+		    pam_syslog(idata->pamh, LOG_NOTICE,
+                               "Error setting context for directory %s: %m", dir);
+		freecon(dircon);
+	    }
+	    selabel_close(label_handle);
+	}
     }
 #endif
author	Christian Göttsche <cgzones@googlemail.com>	2020-07-27 20:16:20 +0200
committer	Tomáš Mráz <tmraz@redhat.com>	2020-08-05 16:30:03 +0200
commit	31682cd25f7add493216e9bca5d33adab617386a (patch)
tree	e8b9dd780f33da70490a155ecb0ed4d3b14fef5b /modules/pam_namespace/pam_namespace.c
parent	3f5fbf9cee564ad05ff35019dd1000598a6ed075 (diff)
download	pam-31682cd25f7add493216e9bca5d33adab617386a.tar.gz pam-31682cd25f7add493216e9bca5d33adab617386a.tar.bz2 pam-31682cd25f7add493216e9bca5d33adab617386a.zip