lib/: add SELinux control flag in commonio_unlock()

author Iker Pedrosa <ipedrosa@redhat.com>

Fri, 25 Apr 2025 13:44:06 +0000 (15:44 +0200)

committer Iker Pedrosa <ipedrosa@redhat.com>

Tue, 7 Oct 2025 09:04:39 +0000 (11:04 +0200)
author Iker Pedrosa <ipedrosa@redhat.com>
Fri, 25 Apr 2025 13:44:06 +0000 (15:44 +0200)
committer Iker Pedrosa <ipedrosa@redhat.com>
Tue, 7 Oct 2025 09:04:39 +0000 (11:04 +0200)
diff --git a/lib/commonio.c b/lib/commonio.c

index 01127980149dea0f00050b457363af4e8171864a..effe1f7a7ebcc75664e74576bca5b23e00630988 100644 (file)
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -467,13 +467,13 @@ static void dec_lock_count (void)
  }
  
  
-int commonio_unlock (struct commonio_db *db)
+int commonio_unlock (struct commonio_db *db, bool process_selinux)
  {
         char  lock[1029];
  
         if (db->isopen) {
                 db->readonly = true;
-               if (commonio_close (db, true) == 0) {
+               if (commonio_close (db, process_selinux) == 0) {
                         if (db->locked) {
                                 dec_lock_count ();
                         }
diff --git a/lib/commonio.h b/lib/commonio.h

index dadc05008d99d87814232391fa0d80b17d2dfd31..8b8f5cf47f9a76a7bb9382b58c1b3eac09126aa6 100644 (file)
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -139,7 +139,7 @@ extern int commonio_remove (struct commonio_db *, const char *);
  extern int commonio_rewind (struct commonio_db *);
  extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
  extern int commonio_close (struct commonio_db *, bool);
-extern int commonio_unlock (struct commonio_db *);
+extern int commonio_unlock (struct commonio_db *, bool);
  extern void commonio_del_entry (struct commonio_db *,
                                  const struct commonio_entry *);
  extern int commonio_sort_wrt (struct commonio_db *shadow,
diff --git a/lib/groupio.c b/lib/groupio.c

index b5a587aa271caa727552f4716f9abdb127767c01..b47d26fc003674e512ec41ced754b99e35320ffb 100644 (file)
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -192,7 +192,7 @@ int gr_close (bool process_selinux)
  
  int gr_unlock (void)
  {
-       return commonio_unlock (&group_db);
+       return commonio_unlock (&group_db, true);
  }
  
  void __gr_set_changed (void)
diff --git a/lib/pwio.c b/lib/pwio.c

index cda2a21caf1d5fd85867bc574e87a44739436851..ea2324af919d9ad7232938ede6588a77b11ce865 100644 (file)
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -165,7 +165,7 @@ int pw_close (bool process_selinux)
  
  int pw_unlock (void)
  {
-       return commonio_unlock (&passwd_db);
+       return commonio_unlock (&passwd_db, true);
  }
  
  /*@null@*/struct commonio_entry *__pw_get_head (void)
diff --git a/lib/sgroupio.c b/lib/sgroupio.c

index f2a5bdaaffc50e2e405bcc1eb2a9fdfbc1c425da..349638522bcd0d03cc6af1e4a44f19df6250f2e7 100644 (file)
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -287,7 +287,7 @@ int sgr_close (bool process_selinux)
  
  int sgr_unlock (void)
  {
-       return commonio_unlock (&gshadow_db);
+       return commonio_unlock (&gshadow_db, true);
  }
  
  void __sgr_set_changed (void)
diff --git a/lib/shadowio.c b/lib/shadowio.c

index 903dcf38fea43b88b51ee04da10bba6ceb455f2d..efa33b5bfba4756dc7d2eeeb79e725131bff7707 100644 (file)
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -213,7 +213,7 @@ int spw_unlock (void)
  
         if (!getdef_bool ("USE_TCB")) {
  #endif                         /* WITH_TCB */
-               return commonio_unlock (&shadow_db);
+               return commonio_unlock (&shadow_db, true);
  #ifdef WITH_TCB
         }
         if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
diff --git a/lib/subordinateio.c b/lib/subordinateio.c

index 405bd2c0935ea52aee034a23a7fcb91daf3b3af5..44393d0331579c03709fa1a8899e0e7b63fc08cc 100644 (file)
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -676,7 +676,7 @@ int sub_uid_close (bool process_selinux)
  
  int sub_uid_unlock (void)
  {
-       return commonio_unlock (&subordinate_uid_db);
+       return commonio_unlock (&subordinate_uid_db, true);
  }
  
  uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
@@ -814,7 +814,7 @@ int sub_gid_close (bool process_selinux)
  
  int sub_gid_unlock (void)
  {
-       return commonio_unlock (&subordinate_gid_db);
+       return commonio_unlock (&subordinate_gid_db, true);
  }
  
  gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
author	Iker Pedrosa <ipedrosa@redhat.com>
	Fri, 25 Apr 2025 13:44:06 +0000 (15:44 +0200)
committer	Iker Pedrosa <ipedrosa@redhat.com>
	Tue, 7 Oct 2025 09:04:39 +0000 (11:04 +0200)
lib/commonio.c		patch \| blob \| blame \| history
lib/commonio.h		patch \| blob \| blame \| history
lib/groupio.c		patch \| blob \| blame \| history
lib/pwio.c		patch \| blob \| blame \| history
lib/sgroupio.c		patch \| blob \| blame \| history
lib/shadowio.c		patch \| blob \| blame \| history
lib/subordinateio.c		patch \| blob \| blame \| history