semanage: close the selabel handle

Close the selabel handle to update the file_context. This means that the
file_context will be remmaped and used by selabel_lookup() to return
the appropriate context to label the home folder.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/lib/prototypes.h b/lib/prototypes.h
index 1d1586d42e0da5460fc16c820731a4aeecf4b02f..b697e0ecc521e227ef76945a9cb6d80646dae7fa 100644 (file)
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
 /* selinux.c */
 #ifdef WITH_SELINUX
 extern int set_selinux_file_context (const char *dst_name, mode_t mode);
+extern void reset_selinux_handle (void);
 extern int reset_selinux_file_context (void);
 extern int check_selinux_permit (const char *perm_name);
 #endif

diff --git a/lib/selinux.c b/lib/selinux.c
index c83545f99a4d11018188467db73de64fa8027a45..b075d4c04df4c5c99b70f87489d2198617a39b9b 100644 (file)
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -50,6 +50,11 @@ static void cleanup(void)
        }
 }
 
+void reset_selinux_handle (void)
+{
+    cleanup();
+}
+
 /*
  * set_selinux_file_context - Set the security context before any file or
  *                            directory creation.

diff --git a/lib/semanage.c b/lib/semanage.c
index 0d30456a2faa5f3fc858cf7fdd68ea1a62e8f317..a5bf921858fdfd77d69e516ec3fee7442bedf449 100644 (file)
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
        }
 
        ret = 0;
+       reset_selinux_handle();
 
 done:
        semanage_seuser_key_free (key);