author | Daniel Mack <github@zonque.org> | 2015-10-07 11:37:21 +0200 |
---|---|---|
committer | Daniel Mack <github@zonque.org> | 2015-10-07 11:37:21 +0200 |
commit | 42911a567dc22c3115fb3ee3c56a7dcfb034f102 (patch) | |
tree | 2639f32dbe2a77df2e137540035c15897a77922d | |
parent | 064d3eb5a5f109dfcaa5d4bf31dae30030dad41b (diff) | |
parent | c02e7b1ecc7d88f6529ca3d1d231536300991a02 (diff) |
Merge pull request #1481 from again4you/devel/smack_sysuser_#4
smack: label /etc/passwd and friends as '_' smack label when '--with-smack-run-label' is enabled (v3)
-rw-r--r-- | src/basic/smack-util.c | 3 | ||||
-rw-r--r-- | src/basic/smack-util.h | 3 | ||||
-rw-r--r-- | src/sysusers/sysusers.c | 34 |
3 files changed, 25 insertions, 15 deletions
diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
index 9e221d6eab..5f570ff02a 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -29,9 +29,6 @@
 #include "fileio.h"
 #include "smack-util.h"
-#define SMACK_FLOOR_LABEL "_"
-#define SMACK_STAR_LABEL "*"
-
 #ifdef HAVE_SMACK
 bool mac_smack_use(void) {
 static int cached_use = -1;
diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
index b3aa55eb8a..e756dc8c28 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -27,6 +27,9 @@
 #include "macro.h"
+#define SMACK_FLOOR_LABEL "_"
+#define SMACK_STAR_LABEL "*"
+
 typedef enum SmackAttr {
 SMACK_ATTR_ACCESS = 0,
 SMACK_ATTR_EXEC = 1,
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 07494e764b..ba09727080 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -38,6 +38,7 @@
 #include "uid-range.h"
 #include "utf8.h"
 #include "util.h"
+#include "smack-util.h"
 typedef enum ItemType {
 ADD_USER = 'u',
@@ -352,6 +353,19 @@ static int sync_rights(FILE *from, FILE *to) {
 return 0;
 }
+static int rename_and_apply_smack(const char *temp_path, const char *dest_path) {
+ int r = 0;
+ if (rename(temp_path, dest_path) < 0)
+ return -errno;
+
+#ifdef SMACK_RUN_LABEL
+ r = mac_smack_apply(dest_path, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
+ if (r < 0)
+ return r;
+#endif
+ return r;
+}
+
 static int write_files(void) {
 _cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
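Review bot: In `rename_and_apply_smack()` the label is set on `dest_path` only after `rename()` has succeeded, so the account file is briefly visible at its final path with whatever label the temp file carried (presumably the creating process's label), and a failing `mac_smack_apply()` returns an error although the file has already been replaced. Labelling the temp file first, `r = mac_smack_apply(temp_path, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);` ahead of the `rename()`, would let the rename publish an already-labelled file in one step, since the xattr stays with the inode. The four call sites in the following `write_files()` hunk inherit this: a labelling failure takes `goto finish` after the rename has happened, skipping the `mfree()` of the temp path and the remaining files, and the cleanup at `finish` is outside the visible hunk. As a smaller point, the trailing `return r;` makes the `if (r < 0) return r;` inside the `#ifdef` redundant.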
@@ -698,36 +712,32 @@ static int write_files(void) {
 /* And make the new files count */
 if (group_changed) {
 if (group) {
- if (rename(group_tmp, group_path) < 0) {
- r = -errno;
+ r = rename_and_apply_smack(group_tmp, group_path);
+ if (r < 0)
 goto finish;
- }
 group_tmp = mfree(group_tmp);
 }
 if (gshadow) {
- if (rename(gshadow_tmp, gshadow_path) < 0) {
- r = -errno;
+ r = rename_and_apply_smack(gshadow_tmp, gshadow_path);
+ if (r < 0)
 goto finish;
- }
 gshadow_tmp = mfree(gshadow_tmp);
 }
 }
 if (passwd) {
- if (rename(passwd_tmp, passwd_path) < 0) {
- r = -errno;
+ r = rename_and_apply_smack(passwd_tmp, passwd_path);
+ if (r < 0)
 goto finish;
- }
 passwd_tmp = mfree(passwd_tmp);
 }
 if (shadow) {
- if (rename(shadow_tmp, shadow_path) < 0) {
- r = -errno;
+ r = rename_and_apply_smack(shadow_tmp, shadow_path);
+ if (r < 0)
 goto finish;
- }
 shadow_tmp = mfree(shadow_tmp);
 } |