From: Martin Kletzander
Date: Fri, 3 Mar 2023 10:46:33 +0000 (+0100)
Subject: ch(g)passwd: Check selinux permissions upon startup
X-Git-Tag: 4.14.0-rc1~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c7327842cdcebe15caecb84a14c2b6b6eb10560;p=thirdparty%2Fshadow.git

ch(g)passwd: Check selinux permissions upon startup

The permission also need to be checked before process_root_flag() since that can chroot into non-selinux environment (unavailable selinux mount point for example).

Signed-off-by: Martin Kletzander
---

diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index b750994e2..fe4055d8a 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -424,6 +424,12 @@ int main (int argc, char **argv)
 (void) bindtextdomain (PACKAGE, LOCALEDIR);
 (void) textdomain (PACKAGE);
+#ifdef WITH_SELINUX
+ if (check_selinux_permit ("passwd") != 0) {
+ return (E_NOPERM);
+ }
+#endif /* WITH_SELINUX */
+
 process_root_flag ("-R", argc, argv);
 process_flags (argc, argv);
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 4a04c4f46..3cfd611eb 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -452,6 +452,12 @@ int main (int argc, char **argv)
 (void) bindtextdomain (PACKAGE, LOCALEDIR);
 (void) textdomain (PACKAGE);
+#ifdef WITH_SELINUX
+ if (check_selinux_permit ("passwd") != 0) {
+ return (E_NOPERM);
+ }
+#endif /* WITH_SELINUX */
+
 process_flags (argc, argv);
 salt = get_salt();
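Review bot: The ordering constraint that motivates this block in src/chgpasswd.c is recorded only in the commit message, so a later refactor could move the check below `process_root_flag ("-R", argc, argv);` without noticing that it then runs inside the chroot. I would put a comment directly above the `#ifdef WITH_SELINUX` line, for example `/* Must run before process_root_flag(): after chroot the SELinux mount point may be unavailable and the check is no longer meaningful. */`. The same comment belongs on the identical block in src/chpasswd.c; its hunk context shows only `process_flags` after the check, so presumably the chroot handling happens later in `main`, outside the visible lines. `main` starts and ends outside both hunks.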
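Review bot: The denial path in src/chpasswd.c exits with `return (E_NOPERM);` and nothing at this call site tells the caller why, so a batch password change blocked by policy shows up only as an exit status. Whether `check_selinux_permit` itself writes an audit or syslog record is not visible in the hunk and should be confirmed. If it only logs, a one-line message before the return would help operators, for example `(void) fputs (_("chpasswd: permission denied by SELinux policy\n"), stderr);`. The same applies to the block added in src/chgpasswd.c. Note also that the check now runs before `process_flags`, so any informational option handled there is presumably subject to the denial as well, which may or may not be intended.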