From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Date: Sat, 22 Jun 2024 17:39:41 +0200
Subject: cppw: add selinux support
Status wrt upstream: cppw is not available upstream.
Needs to be reviewed by an SE-Linux aware person.
Gbp-Topic: debian
---
src/cppw.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/cppw.c b/src/cppw.c
index beb4c36..2cbbbc0 100644
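--- a/src/cppw.c
+++ b/src/cppw.c
@@ -34,6 +34,9 @@
 #include <sys/types.h>
 #include <signal.h>
 #include <utime.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
 #include "exitcodes.h"
 #include "prototypes.h"
 #include "pwio.h"
@@ -139,6 +142,22 @@ static void cppwcopy (const char *file,
 if (access (file, F_OK) != 0) {
 cppwexit (file, 1, 1);
 }
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ * to be the context of the file we are editing */
+ if (is_selinux_enabled () > 0) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ cppwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
 if (file_lock () == 0) {
 cppwexit (_("Couldn't lock file"), 0, 5);
 }
@@ -167,6 +186,15 @@ static void cppwcopy (const char *file,
 cppwexit (NULL,0,1);
 }
 
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled () > 0) {
+ if (setfscreatecon (NULL)) {
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
+
 (*file_unlock) ();
 }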
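Review bot: In the second hunk `errno` is read only after `freecon (passwd_context)` has run, so the value passed to `cppwexit` when `setfscreatecon` fails may no longer be the one that call set. Capture it first, e.g. `ret = setfscreatecon (passwd_context); saved_errno = errno; freecon (passwd_context);`, and pass `saved_errno` to `cppwexit`. `security_context_t` is deprecated in current libselinux in favour of plain `char *`, so `char *passwd_context = NULL;` is the forward-compatible declaration. The creation context is set before `file_lock ()` and cleared only on the success path in the third hunk, so anything created in between (presumably lock and backup files) also receives the label of `file`; a comment should state whether that is intended. cppwcopy begins outside the hunks shown, so what `file` refers to could not be checked here.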