lib/, src/: add SELinux control flag in sub_gid_close()
authorIker Pedrosa <ipedrosa@redhat.com>
Fri, 25 Apr 2025 13:38:18 +0000 (15:38 +0200)
committerIker Pedrosa <ipedrosa@redhat.com>
Tue, 7 Oct 2025 09:04:39 +0000 (11:04 +0200)
Expand sub_gid_close() interface to add a control flag for SELinux file
context processing.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
lib/subordinateio.c
lib/subordinateio.h
src/newgidmap.c
src/newusers.c
src/useradd.c
src/userdel.c
src/usermod.c

index dd0a95899324f53d1887d7fa55922502fd41dc06..405bd2c0935ea52aee034a23a7fcb91daf3b3af5 100644 (file)
@@ -593,7 +593,7 @@ static bool have_range(struct commonio_db *db,
                if (db == &subordinate_uid_db)
                        sub_uid_close(true);
                else
-                       sub_gid_close();
+                       sub_gid_close(true);
        }
 
        return ret;
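Review bot: The result of `sub_gid_close(true)` is discarded at this call in have_range(), and again in the hunks at -933, -1024, -1095 and -1145 of this file and in src/newgidmap.c. The close_files() callers updated by this same commit treat a return of 0 as a failed write and exit. The two sites that follow the close with `sub_gid_unlock()` look like update paths, so a failed rewrite of the subordinate GID database would go unreported there. Consider testing `if (sub_gid_close(true) == 0)` at those sites, then logging with SYSLOG and taking the function's failure return. The function bodies start outside these hunks, so whether the database was opened for writing at each site needs confirming.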
@@ -807,9 +807,9 @@ int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
        return remove_range (&subordinate_gid_db, owner, start, count);
 }
 
-int sub_gid_close (void)
+int sub_gid_close (bool process_selinux)
 {
-       return commonio_close (&subordinate_gid_db, true);
+       return commonio_close (&subordinate_gid_db, process_selinux);
 }
 
 int sub_gid_unlock (void)
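Review bot: The new `process_selinux` parameter of sub_gid_close() is undocumented, and every caller in this commit passes a bare `true`, so nothing here tells a later caller when `false` is acceptable. The flag is forwarded unchanged to commonio_close() and, per the commit message, controls SELinux file context processing. Skipping that on a path that rewrites the database could presumably leave the file with an unintended label; confirm against commonio_close(), which is not shown. I would add above the definition `/* process_selinux: forwarded to commonio_close(); selects whether SELinux file context processing is done when the database is closed. */`, extended with the condition under which `false` is safe. The same comment belongs on the prototype in lib/subordinateio.h.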
@@ -933,7 +933,7 @@ out:
        if (id_type == ID_TYPE_UID)
                sub_uid_close(true);
        else
-               sub_gid_close();
+               sub_gid_close(true);
 
        *in_ranges = ranges;
        return count;
@@ -1024,7 +1024,7 @@ int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids)
        if (id_type == ID_TYPE_UID)
                sub_uid_close(true);
        else
-               sub_gid_close();
+               sub_gid_close(true);
 
        return n;
 }
@@ -1095,7 +1095,7 @@ out:
                sub_uid_close(true);
                sub_uid_unlock();
        } else {
-               sub_gid_close();
+               sub_gid_close(true);
                sub_gid_unlock();
        }
 
@@ -1145,7 +1145,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
                sub_uid_close(true);
                sub_uid_unlock();
        } else {
-               sub_gid_close();
+               sub_gid_close(true);
                sub_gid_unlock();
        }
 
index a2a49270db24d5879d5adf988ebd3984fa8998ed..ff231f30e8db085f22f0e95ec9dfdee08dab89a2 100644 (file)
@@ -32,7 +32,7 @@ extern bool release_subid_range(struct subordinate_range *range, enum subid_type
 extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
 extern void free_subordinate_ranges(struct subordinate_range **ranges, int count);
 
-extern int sub_gid_close(void);
+extern int sub_gid_close(bool process_selinux);
 extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
 extern bool sub_gid_file_present (void);
 extern bool local_sub_gid_assigned(const char *owner);
index e52cd4fa7e55595ae9d7ef739a507f0c583c0c99..a8fb630c3609f72adc96d7e837f409a15ebc2eae 100644 (file)
@@ -231,7 +231,7 @@ int main(int argc, char **argv)
        write_setgroups(proc_dir_fd, allow_setgroups);
        write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
        if (want_subgid_file())
-               sub_gid_close();
+               sub_gid_close(true);
 
        return EXIT_SUCCESS;
 }
index b1cb0967da8530ff9b874cd35f756894a10add0f..5e345d4efd78093321727675bbe5d9fb423b1d64 100644 (file)
@@ -984,7 +984,7 @@ static void close_files (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
                fail_exit (EXIT_FAILURE);
        }
-       if (is_sub_gid  && (sub_gid_close () == 0)) {
+       if (is_sub_gid  && (sub_gid_close (true) == 0)) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
index 50fc5f4331a55e27a52b8b4a500a475b05eb1b84..4a988c4e11283968603b31e6b5d61879aecfa1af 100644 (file)
@@ -1583,7 +1583,7 @@ static void close_files (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
                fail_exit (E_SUB_UID_UPDATE);
        }
-       if (is_sub_gid  && (sub_gid_close () == 0)) {
+       if (is_sub_gid  && (sub_gid_close (true) == 0)) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
index 8ef4117bfe5a40c8c6f6f6dfd3ffe840171f164f..e535fc1d18e1295804e49bd955a6b4c95af629f1 100644 (file)
@@ -464,7 +464,7 @@ static void close_files (void)
        }
 
        if (is_sub_gid) {
-               if (sub_gid_close () == 0) {
+               if (sub_gid_close (true) == 0) {
                        fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
                        fail_exit (E_SUB_GID_UPDATE);
index ece56a66d706e0011fd103422e1fc5db1a93aa96..df94f1f52a4e3c3934dfc6557ccbd202fea31294 100644 (file)
@@ -1577,7 +1577,7 @@ static void close_files (void)
                sub_uid_locked = false;
        }
        if (wflg || Wflg) {
-               if (sub_gid_close () == 0) {
+               if (sub_gid_close (true) == 0) {
                        fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
                        fail_exit (E_SUB_GID_UPDATE);