diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2020-07-27 20:16:20 +0200 |
|---|---|---|
| committer | Tomáš Mráz <tmraz@redhat.com> | 2020-08-05 16:30:03 +0200 |
| commit | 31682cd25f7add493216e9bca5d33adab617386a (patch) | |
| tree | e8b9dd780f33da70490a155ecb0ed4d3b14fef5b | |
| parent | 3f5fbf9cee564ad05ff35019dd1000598a6ed075 (diff) | |
| download | linux-pam-git-31682cd25f7add493216e9bca5d33adab617386a.tar.gz | |
pam_namespace: replace deprecated matchpathcon
The matchpathcon family is deprecated.
Use the selabel family.
| -rw-r--r-- | modules/pam_namespace/pam_namespace.c | 34 | ||||
| -rw-r--r-- | modules/pam_namespace/pam_namespace.h | 1 |
2 files changed, 22 insertions, 13 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 08e3097c..94a2223a 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1319,6 +1319,7 @@ static int create_polydir(struct polydir_s *polyptr, int rc; #ifdef WITH_SELINUX char *dircon, *oldcon = NULL; + struct selabel_handle *label_handle; #endif const char *dir = polyptr->dir; uid_t uid; @@ -1332,20 +1333,27 @@ static int create_polydir(struct polydir_s *polyptr, #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { getfscreatecon(&oldcon); - rc = matchpathcon(dir, S_IFDIR, &dircon); - if (rc) { - pam_syslog(idata->pamh, LOG_NOTICE, - "Unable to get default context for directory %s, check your policy: %m", dir); - } else { - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, - "Polydir %s context: %s", dir, (char *)dircon); - if (setfscreatecon(dircon) != 0) + + label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (!label_handle) { + pam_syslog(idata->pamh, LOG_NOTICE, + "Unable to initialize SELinux labeling handle: %m"); + } else { + rc = selabel_lookup_raw(label_handle, &dircon, dir, S_IFDIR); + if (rc) { pam_syslog(idata->pamh, LOG_NOTICE, - "Error setting context for directory %s: %m", dir); - freecon(dircon); - } - matchpathcon_fini(); + "Unable to get default context for directory %s, check your policy: %m", dir); + } else { + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_DEBUG, + "Polydir %s context: %s", dir, dircon); + if (setfscreatecon_raw(dircon) != 0) + pam_syslog(idata->pamh, LOG_NOTICE, + "Error setting context for directory %s: %m", dir); + freecon(dircon); + } + selabel_close(label_handle); + } } #endif diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h index 3a1e4ba3..b51f2841 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h @@ -68,6 +68,7 @@ #include <selinux/selinux.h> #include <selinux/get_context_list.h> #include <selinux/context.h> +#include <selinux/label.h> #endif #ifndef CLONE_NEWNS |