* src/usermod.c, man/usermod.8.xml: usermod -Z "" removes the
SELinux user mapping for the modified user. * src/useradd.c: Zflg is #defined as user_selinux non empty.
This commit is contained in:
nekral-guest
@@ -111,7 +111,7 @@ static const char *user_home = "";
|
||||
static const char *user_shell = "";
|
||||
static const char *create_mail_spool = "";
|
||||
#ifdef WITH_SELINUX
|
||||
static const char *user_selinux = "";
|
||||
static /*@notnull@*/const char *user_selinux = "";
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
static long user_expire = -1;
|
||||
@@ -145,12 +145,13 @@ static bool
|
||||
oflg = false, /* permit non-unique user ID to be specified with -u */
|
||||
rflg = false, /* create a system account */
|
||||
sflg = false, /* shell program for new account */
|
||||
#ifdef WITH_SELINUX
|
||||
Zflg = false, /* new selinux user */
|
||||
#endif /* WITH_SELINUX */
|
||||
uflg = false, /* specify user ID for new account */
|
||||
Uflg = false; /* create a group having the same name as the user */
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
#define Zflg ('\0' != *user_selinux)
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
static bool home_added = false;
|
||||
|
||||
/*
|
||||
@@ -1214,7 +1215,6 @@ static void process_flags (int argc, char **argv)
|
||||
case 'Z':
|
||||
if (is_selinux_enabled () > 0) {
|
||||
user_selinux = optarg;
|
||||
Zflg = true;
|
||||
} else {
|
||||
fprintf (stderr,
|
||||
_("%s: -Z requires SELinux enabled kernel\n"),
|
||||
@@ -2058,7 +2058,7 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg && ('\0' != *user_selinux)) {
|
||||
if (Zflg) {
|
||||
if (set_seuser (user_name, user_selinux) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
|
||||
@@ -1890,17 +1890,33 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg && *user_selinux) {
|
||||
if (set_seuser (user_name, user_selinux) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
Prog, user_name, user_selinux);
|
||||
if (Zflg) {
|
||||
if ('\0' != *user_selinux) {
|
||||
if (set_seuser (user_name, user_selinux) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
Prog, user_name, user_selinux);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"modifying User mapping ",
|
||||
user_name, (unsigned int) user_id, 0);
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"modifying User mapping ",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SE_UPDATE);
|
||||
fail_exit (E_SE_UPDATE);
|
||||
}
|
||||
} else {
|
||||
if (del_seuser (user_name) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
||||
Prog, user_name);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_ADD_USER, Prog,
|
||||
"removing SELinux user mapping",
|
||||
user_name, (unsigned int) user_id,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif /* WITH_AUDIT */
|
||||
fail_exit (E_SE_UPDATE);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
Reference in New Issue
Block a user