From: Iker Pedrosa
Date: Fri, 25 Apr 2025 13:13:12 +0000 (+0200)
Subject: lib/: add SELinux control flag in commonio_close()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db0e0b9112332a45131912021317ab5ab4fd6e40;p=thirdparty%2Fshadow.git
lib/: add SELinux control flag in commonio_close() Expand commonio_close() interface to add a control flag for SELinux file context processing.
Signed-off-by: Iker Pedrosa
---
diff --git a/lib/commonio.c b/lib/commonio.c
index ce5f17b4e..011279801 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -473,7 +473,7 @@ int commonio_unlock (struct commonio_db *db)
 if (db->isopen) {
 db->readonly = true;
- if (commonio_close (db) == 0) {
+ if (commonio_close (db, true) == 0) {
 if (db->locked) {
 dec_lock_count ();
 }
@@ -885,7 +885,7 @@ static int write_all (const struct commonio_db *db)
 }
-int commonio_close (struct commonio_db *db)
+int commonio_close (struct commonio_db *db, bool process_selinux)
 {
 bool errors = false;
 char buf[1024];
@@ -927,7 +927,8 @@ int commonio_close (struct commonio_db *db)
 }
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
+ if (process_selinux
+ && set_selinux_file_context (db->filename, S_IFREG) != 0) {
 errors = true;
 }
 #endif
@@ -942,7 +943,8 @@ int commonio_close (struct commonio_db *db)
 db->fp = NULL;
 #ifdef WITH_SELINUX
- if (reset_selinux_file_context () != 0) {
+ if (process_selinux
+ && reset_selinux_file_context () != 0) {
 errors = true;
 }
 #endif
@@ -961,7 +963,8 @@ int commonio_close (struct commonio_db *db)
 goto fail;
 #ifdef WITH_SELINUX
- if (set_selinux_file_context (db->filename, S_IFREG) != 0) {
+ if (process_selinux
+ && set_selinux_file_context (db->filename, S_IFREG) != 0) {
 errors = true;
 }
 #endif
@@ -999,7 +1002,8 @@ int commonio_close (struct commonio_db *db)
 }
 #ifdef WITH_SELINUX
- if (reset_selinux_file_context () != 0) {
+ if (process_selinux
+ && reset_selinux_file_context () != 0) {
 goto fail;
 }
 #endif
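Review bot: The new `process_selinux` parameter introduced in the `commonio_close` signature hunk (`@@ -885`) carries no comment stating what passing `false` means, yet the four `#ifdef WITH_SELINUX` sites it now gates (`@@ -927` through `@@ -999`) are the ones that set and reset the file creation context around writing the backup and the replacement database file, so a caller passing `false` presumably leaves the rewritten /etc/passwd, /etc/shadow or group file with whatever label the process gets by default rather than the one the policy maps to that path. Every caller in this commit passes `true`, so nothing changes in behaviour here, but for a security database the consequence of `false` should be written down where the flag is introduced, not left for the first caller to discover. I would add above the definition: `/* process_selinux: when false, skip setting and resetting the SELinux file creation context, so the rewritten database keeps the default label; only pass false when the caller handles labelling itself. */`. The body of `commonio_close` continues outside every hunk shown here, and the `commonio_unlock` body touched by the first hunk starts and ends outside it as well.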
diff --git a/lib/commonio.h b/lib/commonio.h
index fedbefa3d..dadc05008 100644
--- a/lib/commonio.h
+++ b/lib/commonio.h
@@ -138,7 +138,7 @@ extern int commonio_append (struct commonio_db *, const void *);
 extern int commonio_remove (struct commonio_db *, const char *);
 extern int commonio_rewind (struct commonio_db *);
 extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
-extern int commonio_close (struct commonio_db *);
+extern int commonio_close (struct commonio_db *, bool);
 extern int commonio_unlock (struct commonio_db *);
 extern void commonio_del_entry (struct commonio_db *, const struct commonio_entry *);
diff --git a/lib/groupio.c b/lib/groupio.c
index 0af395a95..0bce549fd 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -187,7 +187,7 @@ int gr_rewind (void)
 int gr_close (void)
 {
- return commonio_close (&group_db);
+ return commonio_close (&group_db, true);
 }
 int gr_unlock (void)
diff --git a/lib/pwio.c b/lib/pwio.c
index 463f8378c..f834354a4 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -160,7 +160,7 @@ int pw_rewind (void)
 int pw_close (void)
 {
- return commonio_close (&passwd_db);
+ return commonio_close (&passwd_db, true);
 }
 int pw_unlock (void)
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index 5c1096579..2cf509bc1 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -282,7 +282,7 @@ int sgr_rewind (void)
 int sgr_close (void)
 {
- return commonio_close (&gshadow_db);
+ return commonio_close (&gshadow_db, true);
 }
 int sgr_unlock (void)
diff --git a/lib/shadowio.c b/lib/shadowio.c
index bf7181751..89c94dd61 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -197,7 +197,7 @@ int spw_close (void)
 return 0;
 }
 #endif /* WITH_TCB */
- retval = commonio_close (&shadow_db);
+ retval = commonio_close (&shadow_db, true);
 #ifdef WITH_TCB
 if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) {
 return 0;
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 9fc53f004..1a9bbbfa2 100644
--- a/lib/subordinateio.c
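Review bot: The added prototype `extern int commonio_close (struct commonio_db *, bool);` in the commonio.h hunk declares an unnamed bare `bool`, so at the call sites added in the same commit, such as `commonio_close (&group_db, true)`, nothing tells a reader what `true` controls, and an accidental `false` would compile just as silently while changing how the security database is labelled. The header's existing prototypes omit parameter names, so the contract is best carried by a comment on this line: `/* second argument: process SELinux file contexts while rewriting the database; false skips labelling entirely */`. If commonio.h does not already include <stdbool.h> the declaration now also depends on `bool` being in scope, which I cannot confirm from this hunk.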
+++ b/lib/subordinateio.c
@@ -671,7 +671,7 @@ int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
 int sub_uid_close (void)
 {
- return commonio_close (&subordinate_uid_db);
+ return commonio_close (&subordinate_uid_db, true);
 }
 int sub_uid_unlock (void)
@@ -809,7 +809,7 @@ int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
 int sub_gid_close (void)
 {
- return commonio_close (&subordinate_gid_db);
+ return commonio_close (&subordinate_gid_db, true);
 }
 int sub_gid_unlock (void)