src/pwconv.c: chroot or prefix SELinux file context

Do not process SELinux file context during file closure when chroot or
prefix options are selected.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/src/pwconv.c b/src/pwconv.c
index acefb0e27845f43afbb04fa5c347085e473aeb51..523b92b8db738ac0b03e9b4315c29a8558d1bc2f 100644 (file)
--- a/src/pwconv.c
+++ b/src/pwconv.c
@@ -67,6 +67,11 @@
 #define E_MISSING      4       /* unexpected failure, passwd file missing */
 #define E_PWDBUSY      5       /* passwd file(s) busy */
 #define E_BADENTRY     6       /* bad shadow entry */
+
+struct option_flags {
+       bool chroot;
+};
+
 /*
  * Global variables
  */
@@ -78,7 +83,7 @@ static bool pw_locked = false;
 /* local function prototypes */
 static void fail_exit (int status);
 static void usage (int status);
-static void process_flags (int argc, char **argv);
+static void process_flags (int argc, char **argv, struct option_flags *flags);
 
 static void fail_exit (int status)
 {
@@ -120,7 +125,7 @@ static void usage (int status)
  *
  *     It will not return if an error is encountered.
  */
-static void process_flags (int argc, char **argv)
+static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        /*
         * Parse the command line options.
@@ -139,6 +144,7 @@ static void process_flags (int argc, char **argv)
                        usage (E_SUCCESS);
                        /*@notreached@*/break;
                case 'R': /* no-op, handled in process_root_flag () */
+                       flags->chroot = true;
                        break;
                default:
                        usage (E_USAGE);
@@ -156,6 +162,8 @@ int main (int argc, char **argv)
        struct passwd pwent;
        const struct spwd *sp;
        struct spwd spent;
+       struct option_flags  flags;
+       bool process_selinux;
 
        log_set_progname(Prog);
        log_set_logfd(stderr);
@@ -168,7 +176,8 @@ int main (int argc, char **argv)
 
        OPENLOG (Prog);
 
-       process_flags (argc, argv);
+       process_flags (argc, argv, &flags);
+       process_selinux = !flags.chroot;
 
 #ifdef WITH_TCB
        if (getdef_bool("USE_TCB")) {
@@ -274,14 +283,14 @@ int main (int argc, char **argv)
                }
        }
 
-       if (spw_close (true) == 0) {
+       if (spw_close (process_selinux) == 0) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"),
                         Prog, spw_dbname ());
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
                fail_exit (E_FAILURE);
        }
-       if (pw_close (true) == 0) {
+       if (pw_close (process_selinux) == 0) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"),
                         Prog, pw_dbname ());
@@ -299,13 +308,13 @@ int main (int argc, char **argv)
                /* continue */
        }
 
-       if (pw_unlock (true) == 0) {
+       if (pw_unlock (process_selinux) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */
        }
 
-       if (spw_unlock (true) == 0) {
+       if (spw_unlock (process_selinux) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
                /* continue */