From f8a459f9295d97eed5a6d0bc1cc06395d5273a6b Mon Sep 17 00:00:00 2001
From: Iker Pedrosa
Date: Fri, 25 Apr 2025 15:35:48 +0200
Subject: [PATCH] lib/, src/: add SELinux control flag in sub_uid_close()
Expand sub_uid_close() interface to add a control flag for SELinux file context processing.
Signed-off-by: Iker Pedrosa
---
 lib/subordinateio.c | 14 +++++++-------
 lib/subordinateio.h | 2 +-
 lib/user_busy.c | 10 +++++-----
 src/newuidmap.c | 2 +-
 src/newusers.c | 2 +-
 src/useradd.c | 2 +-
 src/userdel.c | 2 +-
 src/usermod.c | 2 +-
 8 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 1a9bbbfa2..dd0a95899 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -591,7 +591,7 @@ static bool have_range(struct commonio_db *db,
 if (doclose) {
 if (db == &subordinate_uid_db)
- sub_uid_close();
+ sub_uid_close(true);
 else
 sub_gid_close();
 }
@@ -669,9 +669,9 @@ int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
 return remove_range (&subordinate_uid_db, owner, start, count);
 }
-int sub_uid_close (void)
+int sub_uid_close (bool process_selinux)
 {
- return commonio_close (&subordinate_uid_db, true);
+ return commonio_close (&subordinate_uid_db, process_selinux);
 }
 int sub_uid_unlock (void)
@@ -931,7 +931,7 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
 out:
 if (id_type == ID_TYPE_UID)
- sub_uid_close();
+ sub_uid_close(true);
 else
 sub_gid_close();
@@ -1022,7 +1022,7 @@ int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids)
 }
 if (id_type == ID_TYPE_UID)
- sub_uid_close();
+ sub_uid_close(true);
 else
 sub_gid_close();
@@ -1092,7 +1092,7 @@ bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, b
 out:
 if (id_type == ID_TYPE_UID) {
- sub_uid_close();
+ sub_uid_close(true);
 sub_uid_unlock();
 } else {
 sub_gid_close();
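Review bot: The new `process_selinux` parameter of `sub_uid_close()` (definition in the hunk at -669 of lib/subordinateio.c, prototype in lib/subordinateio.h) carries no comment, and every call site in this patch passes a bare `true`, so a reader of a caller cannot tell what the argument controls. I would add a short comment above the definition, for example `/* process_selinux is forwarded to commonio_close(); it selects whether SELinux file context processing is done on close. */`, and state when a caller is expected to pass `false`. What commonio_close() does with the flag is not visible in this patch, so the wording should be checked against it.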
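Review bot: In the `out:` path of `new_subid_range()` (hunk at -1092) the result of `sub_uid_close(true)` is discarded before `sub_uid_unlock()`, and `release_subid_range()` (hunk at -1142) does the same, while the callers in src/ treat a return of 0 as "failure while writing changes". If the close fails, these functions can still report success although the subordinate ID file was presumably not updated; for a release that would leave the range granted on disk. In `release_subid_range()` the visible `ret` could carry the result: `if (sub_uid_close(true) == 0) ret = false;`. Both bodies extend outside their hunks, so the result variable in `new_subid_range()` and the matching gid branch need to be confirmed against the full source.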
@@ -1142,7 +1142,7 @@ bool release_subid_range(struct subordinate_range *range, enum subid_type id_typ
 ret = remove_range(db, range->owner, range->start, range->count) == 1;
 if (id_type == ID_TYPE_UID) {
- sub_uid_close();
+ sub_uid_close(true);
 sub_uid_unlock();
 } else {
 sub_gid_close();
diff --git a/lib/subordinateio.h b/lib/subordinateio.h
index e0aa99d9f..a2a49270d 100644
--- a/lib/subordinateio.h
+++ b/lib/subordinateio.h
@@ -13,7 +13,7 @@
 #include "../libsubid/subid.h"
-extern int sub_uid_close(void);
+extern int sub_uid_close(bool process_selinux);
 extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
 extern bool sub_uid_file_present (void);
 extern bool local_sub_uid_assigned(const char *owner);
diff --git a/lib/user_busy.c b/lib/user_busy.c
index 630249399..a05faef16 100644
--- a/lib/user_busy.c
+++ b/lib/user_busy.c
@@ -180,7 +180,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 if (proc == NULL) {
 perror ("opendir /proc");
 #ifdef ENABLE_SUBIDS
- sub_uid_close();
+ sub_uid_close(true);
 #endif
 return 0;
 }
@@ -188,7 +188,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 perror ("stat (\"/\")");
 (void) closedir (proc);
 #ifdef ENABLE_SUBIDS
- sub_uid_close();
+ sub_uid_close(true);
 #endif
 return 0;
 }
@@ -225,7 +225,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 if (check_status (name, tmp_d_name, uid) != 0) {
 (void) closedir (proc);
 #ifdef ENABLE_SUBIDS
- sub_uid_close();
+ sub_uid_close(true);
 #endif
 fprintf (log_get_logfd(), _("%s: user %s is currently used by process %d\n"),
@@ -248,7 +248,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 (void) closedir (proc);
 (void) closedir (task_dir);
 #ifdef ENABLE_SUBIDS
- sub_uid_close();
+ sub_uid_close(true);
 #endif
 fprintf (log_get_logfd(), _("%s: user %s is currently used by process %d\n"),
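Review bot: `user_busy_processes()` repeats the `#ifdef ENABLE_SUBIDS` / `sub_uid_close(true)` block on five exit paths (hunks at -180, -188, -225, -248 and -264), so the flag value now has to be kept in sync in five places. Moving the close into one cleanup path, or a one-line static wrapper such as `static void close_sub_uid_db(void) { sub_uid_close(true); }` under the same `#ifdef`, would leave a single spot to change. From the visible lines this function only scans /proc, and `main()` in src/newuidmap.c closes the database right before `return EXIT_SUCCESS`; if neither writes the subuid file, a comment saying why SELinux processing is still requested there would help. The function starts outside these hunks, so that read-only reading is an inference.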
@@ -264,7 +264,7 @@ static int user_busy_processes (const char *name, uid_t uid)
 (void) closedir (proc);
 #ifdef ENABLE_SUBIDS
- sub_uid_close();
+ sub_uid_close(true);
 #endif /* ENABLE_SUBIDS */
 return 0;
 }
diff --git a/src/newuidmap.c b/src/newuidmap.c
index 474194c11..d9c3b4baf 100644
--- a/src/newuidmap.c
+++ b/src/newuidmap.c
@@ -159,7 +159,7 @@ int main(int argc, char **argv)
 write_mapping(proc_dir_fd, ranges, mappings, "uid_map", pw->pw_uid);
 if (want_subuid_file())
- sub_uid_close();
+ sub_uid_close(true);
 return EXIT_SUCCESS;
 }
diff --git a/src/newusers.c b/src/newusers.c
index 2cbe74f6a..b1cb0967d 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -978,7 +978,7 @@ static void close_files (void)
 fail_exit (EXIT_FAILURE);
 }
 #ifdef ENABLE_SUBIDS
- if (is_sub_uid && (sub_uid_close () == 0)) {
+ if (is_sub_uid && (sub_uid_close (true) == 0)) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
diff --git a/src/useradd.c b/src/useradd.c
index 3cd7bd10f..50fc5f433 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1577,7 +1577,7 @@ static void close_files (void)
 close_group_files ();
 #ifdef ENABLE_SUBIDS
- if (is_sub_uid && (sub_uid_close () == 0)) {
+ if (is_sub_uid && (sub_uid_close (true) == 0)) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
diff --git a/src/userdel.c b/src/userdel.c
index a9e2e3ac9..8ef4117bf 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -450,7 +450,7 @@ static void close_files (void)
 #ifdef ENABLE_SUBIDS
 if (is_sub_uid) {
- if (sub_uid_close () == 0) {
+ if (sub_uid_close (true) == 0) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (E_SUB_UID_UPDATE);
diff --git a/src/usermod.c b/src/usermod.c
index 4e2d22555..ece56a66d 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1564,7 +1564,7 @@ static void close_files (void)
 #ifdef ENABLE_SUBIDS
 if (vflg || Vflg) {
- if (sub_uid_close () == 0) {
+ if (sub_uid_close (true) == 0) {
 fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
 SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
 fail_exit (E_SUB_UID_UPDATE);
--
2.47.3