author | Christian Göttsche <cgzones@googlemail.com> | 2020-08-03 20:25:23 +0200 |
---|---|---|
committer | Tomáš Mráz <tmraz@redhat.com> | 2020-08-05 16:30:03 +0200 |
commit | 5bd6274e97f14bb531e04d581c6169bc94afaa43 (patch) | |
tree | e5398643f091bb3194a5cc4adbba5d861a6dc3fa /modules/pam_namespace/pam_namespace.c | |
parent | 1bdc5b65e7ff7754a414047cb987e44e25907b5b (diff) | |
pam_namespace: skip context translation
These retrieved contexts are only passed to libselinux functions and are not
printed or otherwise made available to the outside, so translating them to
human-readable MCS/MLS labels is not needed.
(see man:setrans.conf(5))
Diffstat (limited to 'modules/pam_namespace/pam_namespace.c')
-rw-r--r-- | modules/pam_namespace/pam_namespace.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 94a2223a..f8ced1c3 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1318,7 +1318,7 @@ static int create_polydir(struct polydir_s *polyptr,
 mode_t mode;
 int rc;
 #ifdef WITH_SELINUX
- char *dircon, *oldcon = NULL;
+ char *dircon_raw, *oldcon_raw = NULL;
 struct selabel_handle *label_handle;
 #endif
 const char *dir = polyptr->dir;
@@ -1332,25 +1332,25 @@ static int create_polydir(struct polydir_s *polyptr,
 #ifdef WITH_SELINUX
 if (idata->flags & PAMNS_SELINUX_ENABLED) {
- getfscreatecon(&oldcon);
+ getfscreatecon_raw(&oldcon_raw);
 label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
 if (!label_handle) {
 pam_syslog(idata->pamh, LOG_NOTICE,
 "Unable to initialize SELinux labeling handle: %m");
 } else {
- rc = selabel_lookup_raw(label_handle, &dircon, dir, S_IFDIR);
+ rc = selabel_lookup_raw(label_handle, &dircon_raw, dir, S_IFDIR);
 if (rc) {
 pam_syslog(idata->pamh, LOG_NOTICE,
 "Unable to get default context for directory %s, check your policy: %m", dir);
 } else {
 if (idata->flags & PAMNS_DEBUG)
 pam_syslog(idata->pamh, LOG_DEBUG,
- "Polydir %s context: %s", dir, dircon);
- if (setfscreatecon_raw(dircon) != 0)
+ "Polydir %s context: %s", dir, dircon_raw);
+ if (setfscreatecon_raw(dircon_raw) != 0)
 pam_syslog(idata->pamh, LOG_NOTICE,
 "Error setting context for directory %s: %m", dir);
- freecon(dircon);
+ freecon(dircon_raw);
 }
 selabel_close(label_handle);
 }
@@ -1366,10 +1366,10 @@ static int create_polydir(struct polydir_s *polyptr,
 #ifdef WITH_SELINUX
 if (idata->flags & PAMNS_SELINUX_ENABLED) {
- if (setfscreatecon(oldcon) != 0)
+ if (setfscreatecon_raw(oldcon_raw) != 0)
 pam_syslog(idata->pamh, LOG_NOTICE,
 "Error resetting fs create context: %m");
- freecon(oldcon);
+ freecon(oldcon_raw);
 }
 #endif
|
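Review bot: The return value of `getfscreatecon_raw(&oldcon_raw)` in the second hunk is discarded, so a failed read cannot be told apart from "no fscreate context was set". In that case `oldcon_raw` keeps the NULL from its initializer and the restore in the third hunk calls `setfscreatecon_raw(NULL)`, which resets the process to the policy default rather than to whatever was in effect before. Checking the call, for example `if (getfscreatecon_raw(&oldcon_raw) != 0) pam_syslog(idata->pamh, LOG_NOTICE, "Error retrieving fs create context: %m");`, would at least leave a trace in the log. create_polydir starts and ends outside the hunks shown, so how the caller reacts is not visible here.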
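Review bot: If `setfscreatecon_raw(oldcon_raw)` fails in the last hunk, the only reaction is a LOG_NOTICE message, and the context installed by `setfscreatecon_raw(dircon_raw)` in the previous hunk would remain the fscreate context for anything this process creates afterwards. Nothing visible in the hunk changes `rc` on that path, so the caller presumably cannot tell that the reset failed; the rest of create_polydir lies outside the hunk. If this is an accepted best-effort choice, a comment such as `/* best effort: on failure later creations keep the polydir label */` would record it. Otherwise the failure should be reflected in the function's return value.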