diff --git a/lib/commonio.c b/lib/commonio.c
index c5b3d104..3c81c796 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db *db)
 snprintf (buf, sizeof buf, "%s-", db->filename);
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (buf) != 0) {
+ if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
 errors++;
 }
 #endif
@@ -1007,7 +1007,7 @@ int commonio_close (struct commonio_db *db)
 snprintf (buf, sizeof buf, "%s+", db->filename);
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (buf) != 0) {
+ if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
 errors++;
 }
 #endif
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 0c42bcc2..d187660e 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -403,7 +403,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
 /* selinux.c */
 #ifdef WITH_SELINUX
-extern int set_selinux_file_context (const char *dst_name);
+extern int set_selinux_file_context (const char *dst_name, mode_t mode);
 extern int reset_selinux_file_context (void);
 extern int check_selinux_permit (const char *perm_name);
 #endif
diff --git a/lib/selinux.c b/lib/selinux.c
index 41f4371d..719acda3 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -51,7 +51,7 @@ static bool selinux_enabled;
 * Callers may have to Reset SELinux to create files with default
 * contexts with reset_selinux_file_context
 */
-int set_selinux_file_context (const char *dst_name)
+int set_selinux_file_context (const char *dst_name, mode_t mode)
 {
 if (!selinux_checked) {
 selinux_enabled = is_selinux_enabled () > 0;
@@ -70,7 +70,7 @@ int set_selinux_file_context (const char *dst_name)
 return security_getenforce () != 0;
 }
- r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, 0);
+ r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, mode);
 selabel_close(hnd);
 if (r < 0) {
 /* No context specified for the searched path */
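Review bot: In both commonio_close hunks the lookup path changes from `buf` to `db->filename`, which is a second behaviour change on top of the new `S_IFREG` argument. The label is now computed for the database file, while the name built by the preceding snprintf is still the `%s-` backup or `%s+` temporary that is presumably created next. That looks intentional, since those files hold the same data as the database, but nothing at the call sites says so. I would add a comment above each call, e.g. `/* look up the label of the database itself, not of the "-"/"+" name in buf */`. The rest of commonio_close lies outside the hunks.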
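Review bot: The comment block above set_selinux_file_context, whose tail is the leading context of the first lib/selinux.c hunk, is not updated for the new `mode` parameter. It should state that `mode` carries the file-type bits (`S_IFREG`, `S_IFDIR`, `S_IFLNK`, ...) of the object the caller is about to create at `dst_name`, and that it is passed to selabel_lookup_raw so that type-specific file_contexts entries can match. It is also worth noting there that a caller passing the wrong type may get a different label than the created object should carry. The start of the comment is outside the hunk.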
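Review bot: In the second lib/selinux.c hunk `mode` reaches selabel_lookup_raw exactly as the caller supplied it. Every call site in this commit passes an `S_IF*` constant or `statp->st_mode & S_IFMT`, but a later caller that hands in a raw `st_mode` would depend on the library ignoring the permission bits. Masking once in this function, `r = selabel_lookup_raw(hnd, &fcontext_raw, dst_name, mode & S_IFMT);`, would make the contract independent of the caller. The function body starts and ends outside the hunk.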
diff --git a/libmisc/copydir.c b/libmisc/copydir.c
index e6aac6ec..1ca98b67 100644
--- a/libmisc/copydir.c
+++ b/libmisc/copydir.c
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, const char *dst,
 */
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFDIR) != 0) {
 return -1;
 }
 #endif /* WITH_SELINUX */
@@ -605,7 +605,7 @@ static int copy_symlink (const char *src, const char *dst,
 }
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFLNK) != 0) {
 free (oldlink);
 return -1;
 }
@@ -684,7 +684,7 @@ static int copy_special (const char *src, const char *dst,
 int err = 0;
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, statp->st_mode & S_IFMT) != 0) {
 return -1;
 }
 #endif /* WITH_SELINUX */
@@ -744,7 +744,7 @@ static int copy_file (const char *src, const char *dst,
 return -1;
 }
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (dst) != 0) {
+ if (set_selinux_file_context (dst, S_IFREG) != 0) {
 return -1;
 }
 #endif /* WITH_SELINUX */
diff --git a/src/useradd.c b/src/useradd.c
index dcda3196..b3fff895 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2177,7 +2177,7 @@ static void create_home (void)
 ++bhome;
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (prefix_user_home) != 0) {
+ if (set_selinux_file_context (prefix_user_home, S_IFDIR) != 0) {
 fprintf (stderr, _("%s: cannot set SELinux context for home directory %s\n"), Prog, user_home);
@@ -2305,7 +2305,7 @@ static void create_mail (void)
 sprintf (file, "%s/%s", spool, user_name);
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (file) != 0) {
+ if (set_selinux_file_context (file, S_IFREG) != 0) {
 fprintf (stderr, _("%s: cannot set SELinux context for mailbox file %s\n"), Prog, file);
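Review bot: The four libmisc/copydir.c call sites spell the file type in two different ways. copy_special takes it from the source (`statp->st_mode & S_IFMT`), while copy_dir, copy_symlink and copy_file hard-code `S_IFDIR`, `S_IFLNK` and `S_IFREG`. Either is correct only while the type used for the label lookup equals the type of the object each function then creates, and the creating calls are outside these hunks, so that cannot be confirmed here. A one-line comment at each call, e.g. `/* type must match the object created below */`, would keep the two from drifting apart.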
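Review bot: In the create_home hunk the context is looked up for `prefix_user_home`, but the failure message right below reports `user_home`. If a prefix can make the two differ, the message names a path other than the one that was looked up, and the file_contexts match is made against the prefixed path rather than the path the directory will have inside the target root. The call would benefit from a comment stating which of the two is intended, e.g. `/* label is looked up for the prefixed path as seen by this host */`. create_mail uses `file` for both the lookup and the message, so it does not have this mismatch. Both function bodies continue outside the hunks.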