From: Iker Pedrosa Date: Fri, 25 Apr 2025 14:10:09 +0000 (+0200) Subject: lib/, src/: add SELinux control flag in sub_uid_unlock() X-Git-Tag: 4.19.0-rc1~128^2~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06c5ae8c28e586cabe77722452315fe8385c8ed2;p=thirdparty%2Fshadow.git lib/, src/: add SELinux control flag in sub_uid_unlock() Expand sub_uid_unlock() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa
---
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 44393d033..8384683a9 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -674,9 +674,9 @@ int sub_uid_close (bool process_selinux)
 return commonio_close (&subordinate_uid_db, process_selinux);
 }
-int sub_uid_unlock (void)
+int sub_uid_unlock (bool process_selinux)
 {
- return commonio_unlock (&subordinate_uid_db, true);
+ return commonio_unlock (&subordinate_uid_db, process_selinux);
 }
 uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
@@ -1046,7 +1046,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 }
 if (!sub_uid_open(O_CREAT | O_RDWR)) {
 printf("Failed opening subuids (errno %d)\n", errno);
- sub_uid_unlock();
+ sub_uid_unlock(true);
 return false;
 }
 db = &subordinate_uid_db;
@@ -1093,7 +1093,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 out:
 if (id_type == ID_TYPE_UID) {
 sub_uid_close(true);
- sub_uid_unlock();
+ sub_uid_unlock(true);
 } else {
 sub_gid_close(true);
 sub_gid_unlock();
@@ -1118,7 +1118,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 }
 if (!sub_uid_open(O_CREAT | O_RDWR)) {
 printf("Failed opening subuids (errno %d)\n", errno);
- sub_uid_unlock();
+ sub_uid_unlock(true);
 return false;
 }
 db = &subordinate_uid_db;
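Review bot: The new `process_selinux` parameter of `sub_uid_unlock()` is undocumented, both at the definition in the hunk at 674 and at the prototype in lib/subordinateio.h, so a caller cannot tell what is skipped when it passes `false`. The body forwards the flag unchanged to `commonio_unlock()`, and the commit message describes it as controlling SELinux file context processing. A comment above the definition would carry that, for example `/* process_selinux: forwarded to commonio_unlock(); false skips SELinux file context processing. */`. It would also help to say when `false` is acceptable, since a skipped labelling step on this database is easy to miss in review.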
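Review bot: The result of `sub_uid_unlock(true)` is discarded on the failed-open path of `new_subid_range()` (hunk at 1046), so a lock that could not be released goes unreported. The same holds for the failed-open path of `release_subid_range()` (hunk at 1118) and for the UID cleanup branch in the hunks at 1093 and 1143. The src/ callers touched by this commit treat a return of 0 as failure and log it. Since this code already reports errors with `printf`, the call could become `if (sub_uid_unlock(true) == 0) printf("Failed unlocking subuids\n");`. Both functions start and end outside the hunks, so how the caller reacts is not visible here.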
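Review bot: In the cleanup at `out:` (hunk at 1093) the two branches now use different interfaces: `sub_uid_unlock(true)` takes the SELinux flag, while `sub_gid_unlock()` in the `else` branch still takes none. The same mismatch appears in the hunk at 1143. If a later caller passes `false` for the UID database, the GID database would presumably still get SELinux processing unconditionally. The matching change would be `extern int sub_gid_unlock (bool process_selinux);` with `sub_gid_unlock(true);` at these call sites. If it lands elsewhere in the series, saying so in the commit message would keep the asymmetry from reading as an oversight.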
@@ -1143,7 +1143,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 if (id_type == ID_TYPE_UID) {
 sub_uid_close(true);
- sub_uid_unlock();
+ sub_uid_unlock(true);
 } else {
 sub_gid_close(true);
 sub_gid_unlock();
diff --git a/lib/subordinateio.h b/lib/subordinateio.h
index ff231f30e..88f1ec97f 100644
--- a/lib/subordinateio.h
+++ b/lib/subordinateio.h
@@ -21,7 +21,7 @@ extern int sub_uid_lock (void);
 extern int sub_uid_setdbname (const char *filename);
 extern /*@observer@*/const char *sub_uid_dbname (void);
 extern int sub_uid_open (int mode);
-extern int sub_uid_unlock (void);
+extern int sub_uid_unlock (bool process_selinux);
 extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
 extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
 extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
diff --git a/src/newusers.c b/src/newusers.c
index da88d40b1..dd79a5ae2 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -197,7 +197,7 @@ static void fail_exit (int code)
 #endif
 #ifdef ENABLE_SUBIDS
 if (sub_uid_locked) {
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */
@@ -1022,7 +1022,7 @@ static void close_files (void)
 #endif
 #ifdef ENABLE_SUBIDS
 if (is_sub_uid) {
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */
diff --git a/src/useradd.c b/src/useradd.c
index c6dd5d54a..93293050c 100644
--- a/src/useradd.c
+++ b/src/useradd.c
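Review bot: `sub_uid_unlock (true) == 0` in `fail_exit()` of src/newusers.c (hunk at 197) is hard to read at the call site. The bare `true` does not say what it enables, and `== 0` is the failure case, as the "failed to unlock" message in the branch shows. The same expression recurs in the close_files() hunk of this file and in the src/useradd.c, src/userdel.c and src/usermod.c hunks. A trailing comment on the argument, `if (sub_uid_unlock (true /* process_selinux */) == 0) {`, or a named local would make the intent visible. fail_exit() starts and ends outside the hunk.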
@@ -286,7 +286,7 @@ static void fail_exit (int code)
 }
 #endif
 #ifdef ENABLE_SUBIDS
- if (sub_uid_locked && sub_uid_unlock() == 0) {
+ if (sub_uid_locked && sub_uid_unlock(true) == 0) {
 fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname());
 SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
 /* continue */
@@ -1621,7 +1621,7 @@ static void close_files (void)
 #ifdef ENABLE_SUBIDS
 if (is_sub_uid) {
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 #ifdef WITH_AUDIT
diff --git a/src/userdel.c b/src/userdel.c
index b045c7ebb..e57b845fd 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -455,7 +455,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (E_SUB_UID_UPDATE);
 }
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */
@@ -516,7 +516,7 @@ static void fail_exit (int code)
 #endif /* SHADOWGRP */
 #ifdef ENABLE_SUBIDS
 if (sub_uid_locked) {
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */
diff --git a/src/usermod.c b/src/usermod.c
index eb3d6595f..7817b23b6 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -666,7 +666,7 @@ fail_exit (int code)
 }
 #ifdef ENABLE_SUBIDS
 if (sub_uid_locked) {
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */
@@ -1569,7 +1569,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (E_SUB_UID_UPDATE);
 }
- if (sub_uid_unlock () == 0) {
+ if (sub_uid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 /* continue */