src/pwunconv.c: chroot or prefix SELinux file context

Do not process SELinux file context during file closure when chroot or
prefix options are selected.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/src/pwunconv.c b/src/pwunconv.c
index ddbc8105254362ad8a9d7093ee016a3a1de70544..ae396e6d844dbd158700a8578126e39f235b69ef 100644 (file)
--- a/src/pwunconv.c
+++ b/src/pwunconv.c
@@ -30,6 +30,9 @@
 #include "sssd.h"
 #include "string/strcmp/streq.h"
 
+struct option_flags {
+       bool chroot;
+};
 
 /*
  * Global variables
@@ -42,7 +45,7 @@ static bool pw_locked = false;
 /* local function prototypes */
 static void fail_exit (int status);
 static void usage (int status);
-static void process_flags (int argc, char **argv);
+static void process_flags (int argc, char **argv, struct option_flags *flags);
 
 static void fail_exit (int status)
 {
@@ -82,7 +85,7 @@ static void usage (int status)
  *
  *     It will not return if an error is encountered.
  */
-static void process_flags (int argc, char **argv)
+static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        /*
         * Parse the command line options.
@@ -101,6 +104,7 @@ static void process_flags (int argc, char **argv)
                        usage (E_SUCCESS);
                        /*@notreached@*/break;
                case 'R': /* no-op, handled in process_root_flag () */
+                       flags->chroot = true;
                        break;
                default:
                        usage (E_USAGE);
@@ -117,6 +121,8 @@ int main (int argc, char **argv)
        const struct passwd *pw;
        struct passwd pwent;
        const struct spwd *spwd;
+       struct option_flags  flags;
+       bool process_selinux;
 
        log_set_progname(Prog);
        log_set_logfd(stderr);
@@ -129,7 +135,8 @@ int main (int argc, char **argv)
 
        OPENLOG (Prog);
 
-       process_flags (argc, argv);
+       process_flags (argc, argv, &flags);
+       process_selinux = !flags.chroot;
 
 #ifdef WITH_TCB
        if (getdef_bool("USE_TCB")) {
@@ -205,9 +212,9 @@ int main (int argc, char **argv)
                }
        }
 
-       (void) spw_close (true); /* was only open O_RDONLY */
+       (void) spw_close (process_selinux); /* was only open O_RDONLY */
 
-       if (pw_close (true) == 0) {
+       if (pw_close (process_selinux) == 0) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"),
                         Prog, pw_dbname ());
@@ -222,12 +229,12 @@ int main (int argc, char **argv)
                fail_exit (3);
        }
 
-       if (spw_unlock (true) == 0) {
+       if (spw_unlock (process_selinux) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
                /* continue */
        }
-       if (pw_unlock (true) == 0) {
+       if (pw_unlock (process_selinux) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */