lib/, src/: add SELinux control flag in sub_gid_unlock()
authorIker Pedrosa <ipedrosa@redhat.com>
Fri, 25 Apr 2025 14:12:40 +0000 (16:12 +0200)
committerIker Pedrosa <ipedrosa@redhat.com>
Tue, 7 Oct 2025 09:04:39 +0000 (11:04 +0200)
Expand sub_gid_unlock() interface to add a control flag for SELinux file
context processing.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
lib/subordinateio.c
lib/subordinateio.h
src/newusers.c
src/useradd.c
src/userdel.c
src/usermod.c

index 8384683a9920f1d221b3d2af2e679ac0541d8267..0ceeecafd43cae3acf42b3f8f97a6d2277677eb5 100644 (file)
@@ -812,9 +812,9 @@ int sub_gid_close (bool process_selinux)
        return commonio_close (&subordinate_gid_db, process_selinux);
 }
 
-int sub_gid_unlock (void)
+int sub_gid_unlock (bool process_selinux)
 {
-       return commonio_unlock (&subordinate_gid_db, true);
+       return commonio_unlock (&subordinate_gid_db, process_selinux);
 }
 
 gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
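Review bot: The new `process_selinux` parameter of `sub_gid_unlock()` is forwarded to `commonio_unlock()` with no comment saying what it controls or when a caller may pass `false`. Per the commit description the flag governs SELinux file context processing, so I would add a short comment above the definition, for example `/* process_selinux: whether commonio_unlock() does SELinux file context processing; returns 0 on failure. */`. The return convention is worth stating as well, because the callers in src/ treat `== 0` as the failure case, which is easy to misread.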
@@ -1058,7 +1058,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
                }
                if (!sub_gid_open(O_CREAT | O_RDWR)) {
                        printf("Failed opening subgids (errno %d)\n", errno);
-                       sub_gid_unlock();
+                       sub_gid_unlock(true);
                        return false;
                }
                db = &subordinate_gid_db;
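Review bot: The `sub_gid_unlock(true);` call on this error path discards its return value, and so do the calls in the `out:` cleanup hunk and in both `release_subid_range()` hunks below. The src/ callers in this commit check `sub_gid_unlock (true) == 0` and report the failure, so a lock that could not be released here goes unreported; presumably later tools would then fail to take the lock with no trace of why. Something like `if (sub_gid_unlock(true) == 0) printf("Failed unlocking subgids\n");` would match the surrounding messages. `new_subid_range()` starts and ends outside this hunk.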
@@ -1096,7 +1096,7 @@ out:
                sub_uid_unlock(true);
        } else {
                sub_gid_close(true);
-               sub_gid_unlock();
+               sub_gid_unlock(true);
        }
 
        return ret;
@@ -1130,7 +1130,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
                }
                if (!sub_gid_open(O_CREAT | O_RDWR)) {
                        printf("Failed opening subgids (errno %d)\n", errno);
-                       sub_gid_unlock();
+                       sub_gid_unlock(true);
                        return false;
                }
                db = &subordinate_gid_db;
@@ -1146,7 +1146,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
                sub_uid_unlock(true);
        } else {
                sub_gid_close(true);
-               sub_gid_unlock();
+               sub_gid_unlock(true);
        }
 
        return ret;
index 88f1ec97fcc7bb5c634d3656e30acc6a6d6ee4fa..38f9f285784cf175309553c8bdd70852ae44e431 100644 (file)
@@ -40,7 +40,7 @@ extern int sub_gid_lock (void);
 extern int sub_gid_setdbname (const char *filename);
 extern /*@observer@*/const char *sub_gid_dbname (void);
 extern int sub_gid_open (int mode);
-extern int sub_gid_unlock (void);
+extern int sub_gid_unlock (bool process_selinux);
 extern int sub_gid_add (const char *owner, gid_t start, unsigned long count);
 extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count);
 extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);
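Review bot: The context line for `sub_gid_find_free_range` at the end of this hunk declares a `uid_t` return type, while the definition shown in the first file section returns `gid_t`. The two types presumably share an underlying type on the build targets, which is why this compiles, but the declaration should read `extern gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);`. The mismatch is not introduced by this commit; it is only visible next to the changed prototype.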
index dd79a5ae2eb8c1f53f9432b1ee839f599c3a91c8..9be96c25e49342555ec1f402a572f10a9cd1e864 100644 (file)
@@ -204,7 +204,7 @@ static void fail_exit (int code)
                }
        }
        if (sub_gid_locked) {
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */
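Review bot: The bare `true` in `sub_gid_unlock (true)` gives no hint at the call site that it enables SELinux file context processing, and the same literal is repeated in every `fail_exit` and `close_files` hunk of this commit. An argument comment such as `sub_gid_unlock (/* process_selinux */ true)` would make these calls easier to audit if some callers later pass `false`. `fail_exit()` continues outside the hunk.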
@@ -1030,7 +1030,7 @@ static void close_files (void)
                sub_uid_locked = false;
        }
        if (is_sub_gid) {
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */
index 93293050c926ed0a4cdbb55b66e3f8d1ef41f976..d631a8fae5f2466c3739120ddb0238143c588f54 100644 (file)
@@ -291,7 +291,7 @@ static void fail_exit (int code)
                SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
                /* continue */
        }
-       if (sub_gid_locked && sub_gid_unlock() == 0) {
+       if (sub_gid_locked && sub_gid_unlock(true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
                SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
                /* continue */
@@ -1635,7 +1635,7 @@ static void close_files (void)
                sub_uid_locked = false;
        }
        if (is_sub_gid) {
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 #ifdef WITH_AUDIT
index e57b845fde83f440a982dc97ccece31e03fcfe86..a3805c6e6c29c57a809d3d8e741cb66ac73fa608 100644 (file)
@@ -469,7 +469,7 @@ static void close_files (void)
                        SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
                        fail_exit (E_SUB_GID_UPDATE);
                }
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */
@@ -523,7 +523,7 @@ static void fail_exit (int code)
                }
        }
        if (sub_gid_locked) {
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */
index 7817b23b690b4e9592b31582d68f7aa1c445598c..f1df1ffde57acd4e63885b7976b2b216b8e5b63f 100644 (file)
@@ -673,7 +673,7 @@ fail_exit (int code)
                }
        }
        if (sub_gid_locked) {
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */
@@ -1582,7 +1582,7 @@ static void close_files (void)
                        SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
                        fail_exit (E_SUB_GID_UPDATE);
                }
-               if (sub_gid_unlock () == 0) {
+               if (sub_gid_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
                        /* continue */