summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-07-21 20:41:19 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-07-21 20:53:05 -0400
commit9f1c19405a1ccaf59dcc8c32c13a1619541189ad (patch)
tree7ab90a2c1c2ed3283db4ef69ecc847d6304aaf0d /src
parentc9e738b91199475c88a2f89da448a026e9186058 (diff)
sysusers: fix selinux context of backup files
Also, fix fopen_temporary_label to set proper context. By chance, all users so far used the same context, so the error didn't matter. Also, check return value from label_init(). https://bugzilla.redhat.com/show_bug.cgi?id=1121806
Diffstat (limited to 'src')
-rw-r--r--src/shared/fileio-label.c2
-rw-r--r--src/sysusers/sysusers.c45
2 files changed, 25 insertions, 22 deletions
diff --git a/src/shared/fileio-label.c b/src/shared/fileio-label.c
index 417ca5695a..c3def3c568 100644
--- a/src/shared/fileio-label.c
+++ b/src/shared/fileio-label.c
@@ -59,7 +59,7 @@ int fopen_temporary_label(const char *target,
const char *path, FILE **f, char **temp_path) {
int r;
- r = label_context_set("/etc/passwd", S_IFREG);
+ r = label_context_set(target, S_IFREG);
if (r < 0)
return r;
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index d679394dfa..b7c1609242 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -195,8 +195,9 @@ static int load_group_database(void) {
return 0;
}
-static int make_backup(const char *x) {
- _cleanup_close_ int src = -1, dst = -1;
+static int make_backup(const char *target, const char *x) {
+ _cleanup_close_ int src = -1;
+ _cleanup_fclose_ FILE *dst = NULL;
char *backup, *temp;
struct timespec ts[2];
struct stat st;
@@ -213,30 +214,30 @@ static int make_backup(const char *x) {
if (fstat(src, &st) < 0)
return -errno;
- temp = strappenda(x, ".XXXXXX");
- dst = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (dst < 0)
- return dst;
+ r = fopen_temporary_label(target, x, &dst, &temp);
+ if (r < 0)
+ return r;
- r = copy_bytes(src, dst, (off_t) -1);
+ r = copy_bytes(src, fileno(dst), (off_t) -1);
if (r < 0)
goto fail;
+ /* Don't fail on chmod() or chown(). If it stays owned by us
+ * and/or unreadable by others, then it isn't too bad... */
+
+ backup = strappenda(x, "-");
+
/* Copy over the access mask */
- if (fchmod(dst, st.st_mode & 07777) < 0) {
- r = -errno;
- goto fail;
- }
+ if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
+ log_warning("Failed to change mode on %s: %m", backup);
- /* Don't fail on chmod(). If it stays owned by us, then it
- * isn't too bad... */
- fchown(dst, st.st_uid, st.st_gid);
+ if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
+ log_warning("Failed to change ownership of %s: %m", backup);
ts[0] = st.st_atim;
ts[1] = st.st_mtim;
- futimens(dst, ts);
+ futimens(fileno(dst), ts);
- backup = strappenda(x, "-");
if (rename(temp, backup) < 0)
goto fail;
@@ -469,13 +470,13 @@ static int write_files(void) {
/* Make a backup of the old files */
if (group && group_changed) {
- r = make_backup(group_path);
+ r = make_backup("/etc/group", group_path);
if (r < 0)
goto finish;
}
if (passwd) {
- r = make_backup(passwd_path);
+ r = make_backup("/etc/passwd", passwd_path);
if (r < 0)
goto finish;
}
@@ -1493,9 +1494,11 @@ int main(int argc, char *argv[]) {
umask(0022);
- label_init(NULL);
-
- r = 0;
+ r = label_init(NULL);
+ if (r < 0) {
+ log_error("SELinux setup failed: %s", strerror(-r));
+ goto finish;
+ }
if (optind < argc) {
int j;