useradd/usermod: add --selinux-range argument
Add a command line argument to useradd(8) and usermod(8) to specify the MLS range for a SELinux user mapping. Improves: #676
committed by
Iker Pedrosa
parent
97f79e3b27
commit
c80788a3ac
@ -105,7 +105,8 @@ fail:
|
||||
static int semanage_user_mod (semanage_handle_t *handle,
|
||||
semanage_seuser_key_t *key,
|
||||
const char *login_name,
|
||||
const char *seuser_name)
|
||||
const char *seuser_name,
|
||||
const char *serange)
|
||||
{
|
||||
int ret;
|
||||
semanage_seuser_t *seuser = NULL;
|
||||
@ -118,6 +119,17 @@ static int semanage_user_mod (semanage_handle_t *handle,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (serange && semanage_mls_enabled(handle)) {
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s to %s\n"),
|
||||
login_name, serange);
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
@ -146,7 +158,8 @@ done:
|
||||
static int semanage_user_add (semanage_handle_t *handle,
|
||||
semanage_seuser_key_t *key,
|
||||
const char *login_name,
|
||||
const char *seuser_name)
|
||||
const char *seuser_name,
|
||||
const char *serange)
|
||||
{
|
||||
int ret;
|
||||
semanage_seuser_t *seuser = NULL;
|
||||
@ -167,6 +180,17 @@ static int semanage_user_add (semanage_handle_t *handle,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (serange && semanage_mls_enabled(handle)) {
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s to %s\n"),
|
||||
login_name, serange);
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
@ -192,7 +216,7 @@ done:
|
||||
}
|
||||
|
||||
|
||||
int set_seuser (const char *login_name, const char *seuser_name)
|
||||
int set_seuser (const char *login_name, const char *seuser_name, const char *serange)
|
||||
{
|
||||
semanage_handle_t *handle = NULL;
|
||||
semanage_seuser_key_t *key = NULL;
|
||||
@ -226,7 +250,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
|
||||
}
|
||||
|
||||
if (0 != seuser_exists) {
|
||||
ret = semanage_user_mod (handle, key, login_name, seuser_name);
|
||||
ret = semanage_user_mod (handle, key, login_name, seuser_name, serange);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Cannot modify SELinux user mapping\n"));
|
||||
@ -234,7 +258,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
ret = semanage_user_add (handle, key, login_name, seuser_name);
|
||||
ret = semanage_user_add (handle, key, login_name, seuser_name, serange);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Cannot add SELinux user mapping\n"));
|
||||
|
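Review bot: The new guard `if (serange && semanage_mls_enabled(handle))` in semanage_user_mod, repeated verbatim in semanage_user_add, silently drops an administrator-supplied range when the policy is not MLS, so the command can succeed while the requested mapping was never applied. The guard also uses the return value only as a truth test; libsemanage documents a negative return from semanage_mls_enabled() on error, so a failed query is treated as "enabled" rather than reported. Keeping the result in a local and handling the three outcomes separately would make both cases visible. Whether the non-MLS case should warn or fail is a maintainer decision, and the message wording in the sketch below is only a suggestion. Because the block is duplicated, a small static helper shared by both functions would keep them from drifting apart; both function bodies begin and end outside the hunks shown.

```c
	if (NULL != serange) {
		int mls = semanage_mls_enabled (handle);

		if (mls < 0) {
			fprintf (shadow_logfd,
			         _("Could not determine whether MLS is enabled\n"));
			ret = 1;
			goto done;
		}
		if (mls == 0) {
			fprintf (shadow_logfd,
			         _("MLS is not enabled, ignoring serange %s for %s\n"),
			         serange, login_name);
		} else {
			ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
			/* … unchanged: "Could not set serange" error path … */
		}
	}
```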