Message ID | 20201218125430.245995-1-plautrba@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Series | Revert "libsemanage/genhomedircon: check usepasswd" |
On Fri, Dec 18, 2020 at 1:56 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> This reverts commit ce46daab7cc90a6b9cd3bff9f99cf40ff19c3d9a.
>
> The behavior described in the reverted commit is correct. `useradd -Z`
> creates new mapping between new created user and *unconfined_u*,
> `genhomedircon` then uses this new mapping, not /etc/passwd entries, for
> generating new homedir contexts.

I confirm this behavior. On Fedora 33 (with git master of the userspace libraries and "usepasswd=False" in /etc/selinux/semanage.conf):

    # useradd -Z unconfined_u -d /tmp test
    # matchpathcon /tmp
    /tmp unconfined_u:object_r:user_home_dir_t:s0
    # semanage login -l

    Login Name           SELinux User         MLS/MCS Range        Service

    __default__          unconfined_u         s0-s0:c0.c1023       *
    root                 unconfined_u         s0-s0:c0.c1023       *
    test                 unconfined_u         s0-s0:c0.c1023       *
    # semanage login -d test
    # matchpathcon /tmp
    /tmp system_u:object_r:tmp_t:s0

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

I applied the commit (as it was sent quite some time ago).

Thanks!
Nicolas

>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> libsemanage/src/genhomedircon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c > index 18d3d99a1254..d08c88de99a7 100644 > --- a/libsemanage/src/genhomedircon.c > +++ b/libsemanage/src/genhomedircon.c > @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) > s->fallback->home = NULL; > } > } > - if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) { > + if (user_context_tpl || username_context_tpl) { > if (write_username_context(s, out, username_context_tpl, > s->fallback) != STATUS_SUCCESS) { > retval = STATUS_ERR; > -- > 2.29.2 >
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 18d3d99a1254..d08c88de99a7 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) s->fallback->home = NULL; } } - if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) { + if (user_context_tpl || username_context_tpl) { if (write_username_context(s, out, username_context_tpl, s->fallback) != STATUS_SUCCESS) { retval = STATUS_ERR;
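Review bot: the now-unguarded `if (user_context_tpl || username_context_tpl)` in write_context_file() has no comment saying that `s->usepasswd` is deliberately not consulted before calling write_username_context(). Since that check was added once and is being reverted here, a one-line comment above the condition would help keep it from being reintroduced, for example `/* login mappings (e.g. from useradd -Z) get home dir contexts regardless of usepasswd */`. The commit message would also be easier to act on later if it named the observable symptom of the reverted commit (home directory contexts missing for mapped logins when usepasswd is disabled) rather than only stating that the earlier behaviour "is correct".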
This reverts commit ce46daab7cc90a6b9cd3bff9f99cf40ff19c3d9a.

The behavior described in the reverted commit is correct. `useradd -Z` creates new mapping between new created user and *unconfined_u*, `genhomedircon` then uses this new mapping, not /etc/passwd entries, for generating new homedir contexts.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 libsemanage/src/genhomedircon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)