useradd: check MLS enablement before setting serange Resolves: https://github.com/shadow-maint/shadow/issues/552

This commit is contained in:
genBTC 2022-08-23 10:25:51 -04:00 committed by Serge Hallyn
parent cfc981df2a
commit 23634d8de7

View File

@ -122,6 +122,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
goto done;
}
if (semanage_mls_enabled(handle)) {
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (shadow_logfd,
@ -129,6 +130,7 @@ static int semanage_user_mod (semanage_handle_t *handle,
ret = 1;
goto done;
}
}
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
@ -179,14 +181,15 @@ static int semanage_user_add (semanage_handle_t *handle,
goto done;
}
if (semanage_mls_enabled(handle)) {
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (shadow_logfd,
_("Could not set serange for %s\n"),
login_name);
_("Could not set serange for %s\n"), login_name);
ret = 1;
goto done;
}
}
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {