Message ID | 20201030164217.1374255-1-vmojzis@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Series | [v2] libsemanage/genhomedircon: check usepasswd |
On Fri, Oct 30, 2020 at 05:42:17PM +0100, Vit Mojzis wrote: > Only add user homedir contexts when usepasswd = True > > Resolves: > #cat /etc/selinux/semanage.conf | grep usepasswd > usepasswd=False > #useradd -Z unconfined_u -d /tmp test > #matchpathcon /tmp > /tmp unconfined_u:object_r:user_home_dir_t:s0 > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Acked-by: Petr Lautrbach <plautrba@redhat.com> Merged with slightly changed commit message, thanks! > --- > v2 - invert condition as suggested by plautrba > > libsemanage/src/genhomedircon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c > index d08c88de..18d3d99a 100644 > --- a/libsemanage/src/genhomedircon.c > +++ b/libsemanage/src/genhomedircon.c > @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) > s->fallback->home = NULL; > } > } > - if (user_context_tpl || username_context_tpl) { > + if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) { > if (write_username_context(s, out, username_context_tpl, > s->fallback) != STATUS_SUCCESS) { > retval = STATUS_ERR; > -- > 2.26.2 >
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index d08c88de..18d3d99a 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) s->fallback->home = NULL; } } - if (user_context_tpl || username_context_tpl) { + if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) { if (write_username_context(s, out, username_context_tpl, s->fallback) != STATUS_SUCCESS) { retval = STATUS_ERR;
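Review bot: the changed condition in write_context_file() has no comment saying why usepasswd gates this block, and the parentheses around s->usepasswd are redundant. Suggest `if (s->usepasswd && (user_context_tpl || username_context_tpl)) {` preceded by a one-line comment that user homedir contexts are only added when usepasswd is set, as the commit message puts it. The guard now skips the whole body of the if, of which only the write_username_context() call is visible in this hunk, so it is worth confirming that nothing further down in that body is still needed when usepasswd=False. The reproducer in the commit message shows the wrong label on /tmp but not the matchpathcon output expected after the fix; adding that line would make the change easier to verify.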
Only add user homedir contexts when usepasswd = True

Resolves:
#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
#useradd -Z unconfined_u -d /tmp test
#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

---
v2 - invert condition as suggested by plautrba

libsemanage/src/genhomedircon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)