From efef4d06353964e5f91e13b39ca13cf3d0bd3e56 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Fri, 25 Apr 2025 16:12:40 +0200
Subject: [PATCH] lib/, src/: add SELinux control flag in sub_gid_unlock()
Expand sub_gid_unlock() interface to add a control flag for SELinux file context processing.
Signed-off-by: Iker Pedrosa
---
 lib/subordinateio.c | 12 ++++++------
 lib/subordinateio.h | 2 +-
 src/newusers.c | 4 ++--
 src/useradd.c | 4 ++--
 src/userdel.c | 4 ++--
 src/usermod.c | 4 ++--
 6 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 8384683a9..0ceeecafd 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -812,9 +812,9 @@ int sub_gid_close (bool process_selinux)
 return commonio_close (&subordinate_gid_db, process_selinux);
 }
-int sub_gid_unlock (void)
+int sub_gid_unlock (bool process_selinux)
 {
- return commonio_unlock (&subordinate_gid_db, true);
+ return commonio_unlock (&subordinate_gid_db, process_selinux);
 }
 gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
@@ -1058,7 +1058,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 }
 if (!sub_gid_open(O_CREAT | O_RDWR)) {
 printf("Failed opening subgids (errno %d)\n", errno);
- sub_gid_unlock();
+ sub_gid_unlock(true);
 return false;
 }
 db = &subordinate_gid_db;
@@ -1096,7 +1096,7 @@ out:
 sub_uid_unlock(true);
 } else {
 sub_gid_close(true);
- sub_gid_unlock();
+ sub_gid_unlock(true);
 }
 return ret;
@@ -1130,7 +1130,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 }
 if (!sub_gid_open(O_CREAT | O_RDWR)) {
 printf("Failed opening subgids (errno %d)\n", errno);
- sub_gid_unlock();
+ sub_gid_unlock(true);
 return false;
 }
 db = &subordinate_gid_db;
@@ -1146,7 +1146,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 sub_uid_unlock(true);
 } else {
 sub_gid_close(true);
- sub_gid_unlock();
+ sub_gid_unlock(true);
 }
 return ret;
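Review bot: The new `process_selinux` parameter of sub_gid_unlock() carries no comment, neither at this definition (hunk @@ -812) nor at the prototype changed in lib/subordinateio.h, so nothing tells a caller what passing `false` would skip. The flag is forwarded unchanged to commonio_unlock(), whose handling of it is not visible in this diff, and every call site in the patch passes `true`, which matches the value that was hard-coded before. I would add above the definition something like `/* process_selinux: whether commonio_unlock() does SELinux file context processing while releasing the subgid lock */`, and name in the commit message which caller is expected to pass `false`.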
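Review bot: In new_subid_range() and release_subid_range() the result of `sub_gid_unlock(true)` is still discarded, both on the open-failure path and in the final cleanup (hunks @@ -1058, @@ -1096, @@ -1130 and @@ -1146). The tools under src/ in this same patch treat `sub_gid_unlock (true) == 0` as a failure and log it, so a failed unlock inside the library would leave the subgid lock in place with no trace, and later account-management runs would presumably be unable to take it. Consider reporting it in the style these functions already use, e.g. `if (sub_gid_unlock(true) == 0) printf("Failed unlocking subgids\n");`. Both function bodies start and end outside the hunks, and the `sub_uid_unlock(true);` context line in the uid branch looks to need the same treatment.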
diff --git a/lib/subordinateio.h b/lib/subordinateio.h
index 88f1ec97f..38f9f2857 100644
--- a/lib/subordinateio.h
+++ b/lib/subordinateio.h
@@ -40,7 +40,7 @@ extern int sub_gid_lock (void);
 extern int sub_gid_setdbname (const char *filename);
 extern /*@observer@*/const char *sub_gid_dbname (void);
 extern int sub_gid_open (int mode);
-extern int sub_gid_unlock (void);
+extern int sub_gid_unlock (bool process_selinux);
 extern int sub_gid_add (const char *owner, gid_t start, unsigned long count);
 extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count);
 extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);
diff --git a/src/newusers.c b/src/newusers.c
index dd79a5ae2..9be96c25e 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -204,7 +204,7 @@ static void fail_exit (int code)
 }
 }
 if (sub_gid_locked) {
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
@@ -1030,7 +1030,7 @@ static void close_files (void)
 sub_uid_locked = false;
 }
 if (is_sub_gid) {
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
diff --git a/src/useradd.c b/src/useradd.c
index 93293050c..d631a8fae 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -291,7 +291,7 @@ static void fail_exit (int code)
 SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname()));
 /* continue */
 }
- if (sub_gid_locked && sub_gid_unlock() == 0) {
+ if (sub_gid_locked && sub_gid_unlock(true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname()));
 /* continue */
@@ -1635,7 +1635,7 @@ static void close_files (void)
 sub_uid_locked = false;
 }
 if (is_sub_gid) {
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 #ifdef WITH_AUDIT
diff --git a/src/userdel.c b/src/userdel.c
index e57b845fd..a3805c6e6 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -469,7 +469,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
 fail_exit (E_SUB_GID_UPDATE);
 }
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
@@ -523,7 +523,7 @@ static void fail_exit (int code)
 }
 }
 if (sub_gid_locked) {
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
diff --git a/src/usermod.c b/src/usermod.c
index 7817b23b6..f1df1ffde 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -673,7 +673,7 @@ fail_exit (int code)
 }
 }
 if (sub_gid_locked) {
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
@@ -1582,7 +1582,7 @@ static void close_files (void)
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
 fail_exit (E_SUB_GID_UPDATE);
 }
- if (sub_gid_unlock () == 0) {
+ if (sub_gid_unlock (true) == 0) {
 fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
 SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 /* continue */
--
2.47.3