From: Iker Pedrosa
Date: Fri, 25 Apr 2025 13:38:18 +0000 (+0200)
Subject: lib/, src/: add SELinux control flag in sub_gid_close()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=987a993087b6aba79fa2fb0c45352b2cca742710;p=thirdparty%2Fshadow.git

lib/, src/: add SELinux control flag in sub_gid_close()

Expand sub_gid_close() interface to add a control flag for SELinux file context processing.

Signed-off-by: Iker Pedrosa
---
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index dd0a95899..405bd2c09 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -593,7 +593,7 @@ static bool have_range(struct commonio_db *db,
 if (db == &subordinate_uid_db)
 sub_uid_close(true);
 else
- sub_gid_close();
+ sub_gid_close(true);
 }
 return ret;
@@ -807,9 +807,9 @@ int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
 return remove_range (&subordinate_gid_db, owner, start, count);
 }
-int sub_gid_close (void)
+int sub_gid_close (bool process_selinux)
 {
- return commonio_close (&subordinate_gid_db, true);
+ return commonio_close (&subordinate_gid_db, process_selinux);
 }
 int sub_gid_unlock (void)
@@ -933,7 +933,7 @@ out:
 if (id_type == ID_TYPE_UID)
 sub_uid_close(true);
 else
- sub_gid_close();
+ sub_gid_close(true);
 *in_ranges = ranges;
 return count;
@@ -1024,7 +1024,7 @@ int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids)
 if (id_type == ID_TYPE_UID)
 sub_uid_close(true);
 else
- sub_gid_close();
+ sub_gid_close(true);
 return n;
 }
@@ -1095,7 +1095,7 @@ out:
 sub_uid_close(true);
 sub_uid_unlock();
 } else {
- sub_gid_close();
+ sub_gid_close(true);
 sub_gid_unlock();
 }
@@ -1145,7 +1145,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 sub_uid_close(true);
 sub_uid_unlock();
 } else {
- sub_gid_close();
+ sub_gid_close(true);
 sub_gid_unlock();
 }
diff --git a/lib/subordinateio.h b/lib/subordinateio.h
index a2a49270d..ff231f30e 100644
--- a/lib/subordinateio.h
+++ b/lib/subordinateio.h
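Review bot: The new `process_selinux` parameter of `sub_gid_close()` in the `@@ -807,9 +807,9 @@` hunk of lib/subordinateio.c is undocumented, and every call site in this commit passes a bare `true` whose meaning is not visible where it is read. I would add a comment above the definition, and above the prototype in lib/subordinateio.h, such as `/* process_selinux is forwarded to commonio_close(); pass true to keep the SELinux file context processing that was previously unconditional. */`. The comment should also say which callers may pass `false`. Skipping the context processing on a path that rewrites the subordinate GID file would presumably leave that file with an unintended label, but that depends on commonio_close(), which is not shown here.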
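Review bot: The result of `sub_gid_close(true)` is discarded in the `@@ -1095,7 +1095,7 @@` hunk and again in the `@@ -1145,7 +1145,7 @@` hunk (release_subid_range), while the close_files() callers under src/ in this same commit treat a return of 0 as "failure while writing changes" and exit. Both lib paths call `sub_gid_unlock()` right after the close, which suggests they hold the lock and may have modified the database, so a failed write-back would not reach the caller. Consider folding the close result into the function's return value, along the lines of `if (sub_gid_close(true) == 0) /* mark the operation as failed */`, with the same treatment for the `sub_uid_close(true)` branch. The enclosing functions start and end outside these hunks, so the name of their result variable is not visible here.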
@@ -32,7 +32,7 @@ extern bool release_subid_range(struct subordinate_range *range, enum subid_type
 extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
 extern void free_subordinate_ranges(struct subordinate_range **ranges, int count);
-extern int sub_gid_close(void);
+extern int sub_gid_close(bool process_selinux);
 extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
 extern bool sub_gid_file_present (void);
 extern bool local_sub_gid_assigned(const char *owner);
diff --git a/src/newgidmap.c b/src/newgidmap.c
index e52cd4fa7..a8fb630c3 100644
--- a/src/newgidmap.c
+++ b/src/newgidmap.c
@@ -231,7 +231,7 @@ int main(int argc, char **argv)
 write_setgroups(proc_dir_fd, allow_setgroups);
 write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
 if (want_subgid_file())
- sub_gid_close();
+ sub_gid_close(true);
 return EXIT_SUCCESS;
 }
diff --git a/src/newusers.c b/src/newusers.c
index b1cb0967d..5e345d4ef 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -984,7 +984,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (EXIT_FAILURE);
 }
- if (is_sub_gid && (sub_gid_close () == 0)) {
+ if (is_sub_gid && (sub_gid_close (true) == 0)) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
diff --git a/src/useradd.c b/src/useradd.c
index 50fc5f433..4a988c4e1 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1583,7 +1583,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (E_SUB_UID_UPDATE);
 }
- if (is_sub_gid && (sub_gid_close () == 0)) {
+ if (is_sub_gid && (sub_gid_close (true) == 0)) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
diff --git a/src/userdel.c b/src/userdel.c
index 8ef4117bf..e535fc1d1 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -464,7 +464,7 @@ static void close_files (void)
 }
 if (is_sub_gid) {
- if (sub_gid_close () == 0) {
+ if (sub_gid_close (true) == 0) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
 fail_exit (E_SUB_GID_UPDATE);
diff --git a/src/usermod.c b/src/usermod.c
index ece56a66d..df94f1f52 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1577,7 +1577,7 @@ static void close_files (void)
 sub_uid_locked = false;
 }
 if (wflg || Wflg) {
- if (sub_gid_close () == 0) {
+ if (sub_gid_close (true) == 0) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
 fail_exit (E_SUB_GID_UPDATE);