From 8f3657088c17d2c1155a07e38ee96f757d015170 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Fri, 25 Apr 2025 16:00:43 +0200 Subject: [PATCH] lib/, src/: add SELinux control flag in gr_unlock() Expand gr_unlock() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa --- lib/cleanup_group.c | 2 +- lib/groupio.c | 4 ++-- lib/groupio.h | 2 +- src/chgpasswd.c | 4 ++-- src/groupmems.c | 4 ++-- src/grpck.c | 4 ++-- src/grpconv.c | 4 ++-- src/grpunconv.c | 4 ++-- src/newusers.c | 4 ++-- src/useradd.c | 4 ++-- src/userdel.c | 4 ++-- src/usermod.c | 4 ++-- 12 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/cleanup_group.c b/lib/cleanup_group.c index 51e215f81..29013a0b2 100644 --- a/lib/cleanup_group.c +++ b/lib/cleanup_group.c @@ -181,7 +181,7 @@ void cleanup_report_del_group_gshadow (void *group_name) */ void cleanup_unlock_group (MAYBE_UNUSED void *arg) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (log_get_logfd(), _("%s: failed to unlock %s\n"), log_get_progname(), gr_dbname ()); diff --git a/lib/groupio.c b/lib/groupio.c index b47d26fc0..b9ef52854 100644 --- a/lib/groupio.c +++ b/lib/groupio.c @@ -190,9 +190,9 @@ int gr_close (bool process_selinux) return commonio_close (&group_db, process_selinux); } -int gr_unlock (void) +int gr_unlock (bool process_selinux) { - return commonio_unlock (&group_db, true); + return commonio_unlock (&group_db, process_selinux); } void __gr_set_changed (void) diff --git a/lib/groupio.h b/lib/groupio.h index ef9242d04..eae13cd30 100644 --- a/lib/groupio.h +++ b/lib/groupio.h @@ -26,7 +26,7 @@ extern /*@observer@*/ /*@null@*/const struct group *gr_next (void); extern int gr_open (int mode); extern int gr_remove (const char *name); extern int gr_rewind (void); -extern int gr_unlock (void); +extern int gr_unlock (bool process_selinux); extern int gr_update (const struct group *gr); extern int gr_sort (void); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index e510ecd7a..4b18b43e2 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -83,7 +83,7 @@ static void close_files (void); static void fail_exit (int code) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -405,7 +405,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); fail_exit (1); } - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/groupmems.c b/src/groupmems.c index 7e302018f..ca3d27065 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -458,7 +458,7 @@ static void check_perms (void) static void fail_exit (int code) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); @@ -529,7 +529,7 @@ static void close_files (void) fail_exit (EXIT_GROUP_FILE); } if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/grpck.c b/src/grpck.c index e086c3067..26293b9f0 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -96,7 +96,7 @@ static void check_sgr_file (bool *errors, bool *changed); static void fail_exit (int status) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -353,7 +353,7 @@ static void close_files (bool changed) } #endif if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/grpconv.c b/src/grpconv.c index 82dbe73d3..bc4c6f518 100644 --- a/src/grpconv.c +++ b/src/grpconv.c @@ -57,7 +57,7 @@ static void process_flags (int argc, char **argv); static void fail_exit (int status) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -254,7 +254,7 @@ int main (int argc, char **argv) SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ } - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/grpunconv.c b/src/grpunconv.c index abea1d4e6..487f94795 100644 --- a/src/grpunconv.c +++ b/src/grpunconv.c @@ -56,7 +56,7 @@ static void process_flags (int argc, char **argv); static void fail_exit (int status) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -210,7 +210,7 @@ int main (int argc, char **argv) fail_exit (3); } - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/newusers.c b/src/newusers.c index 961085a33..8fbd3dbe9 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -180,7 +180,7 @@ static void fail_exit (int code) } } if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -992,7 +992,7 @@ static void close_files (void) } #endif /* ENABLE_SUBIDS */ - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); diff --git a/src/useradd.c b/src/useradd.c index 66f4ca66e..52091d816 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -273,7 +273,7 @@ static void fail_exit (int code) SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname())); /* continue */ } - if (gr_locked && gr_unlock() == 0) { + if (gr_locked && gr_unlock(true) == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", gr_dbname())); /* continue */ @@ -1688,7 +1688,7 @@ static void close_group_files (void) */ static void unlock_group_files (void) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); #ifdef WITH_AUDIT diff --git a/src/userdel.c b/src/userdel.c index a74eea662..b34177ef8 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -423,7 +423,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); fail_exit (E_GRP_UPDATE); } - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -492,7 +492,7 @@ static void fail_exit (int code) } } if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ diff --git a/src/usermod.c b/src/usermod.c index 15c0f26dc..dd2d965e5 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -635,7 +635,7 @@ static void fail_exit (int code) { if (gr_locked) { - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); /* continue */ @@ -1525,7 +1525,7 @@ static void close_files (void) } } #endif - if (gr_unlock () == 0) { + if (gr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); -- 2.47.3