* [PATCH] libsemanage/genhomedircon: check usepasswd in add_user
@ 2020-10-27 16:53 Vit Mojzis
2020-10-27 17:34 ` Petr Lautrbach
0 siblings, 1 reply; 9+ messages in thread
From: Vit Mojzis @ 2020-10-27 16:53 UTC (permalink / raw)
To: selinux
Only add user homedir context entry when usepasswd = True
Resolves:
\#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
\#useradd -Z unconfined_u -d /tmp test
\#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
---
libsemanage/src/genhomedircon.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..19dfb7b0 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -966,6 +966,9 @@ static int add_user(genhomedircon_settings_t * s,
}
}
+ if (!(s->usepasswd))
+ return STATUS_SUCCESS;
+
int retval = STATUS_ERR;
char *rbuf = NULL;
--
2.25.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] libsemanage/genhomedircon: check usepasswd in add_user
2020-10-27 16:53 [PATCH] libsemanage/genhomedircon: check usepasswd in add_user Vit Mojzis
@ 2020-10-27 17:34 ` Petr Lautrbach
2020-10-27 17:45 ` Vit Mojzis
0 siblings, 1 reply; 9+ messages in thread
From: Petr Lautrbach @ 2020-10-27 17:34 UTC (permalink / raw)
To: selinux; +Cc: Vit Mojzis
[-- Attachment #1: Type: text/plain, Size: 1231 bytes --]
On Tue, Oct 27, 2020 at 05:53:43PM +0100, Vit Mojzis wrote:
> Only add user homedir context entry when usepasswd = True
>
> Resolves:
> \#cat /etc/selinux/semanage.conf | grep usepasswd
> usepasswd=False
> \#useradd -Z unconfined_u -d /tmp test
> \#matchpathcon /tmp
> /tmp unconfined_u:object_r:user_home_dir_t:s0
It should be enough to indent lines with few spaces, e.g.
Resolves:
# grep usepasswd /etc/selinux/semanage.conf
usepasswd=False
# useradd -Z unconfined_u -d /tmp test
# matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
Also please provide Signed-off-by: see
https://github.com/SELinuxProject/selinux/blob/master/CONTRIBUTING.md
> ---
> libsemanage/src/genhomedircon.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index d08c88de..19dfb7b0 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -966,6 +966,9 @@ static int add_user(genhomedircon_settings_t * s,
> }
> }
>
> + if (!(s->usepasswd))
> + return STATUS_SUCCESS;
> +
> int retval = STATUS_ERR;
>
> char *rbuf = NULL;
> --
> 2.25.4
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] libsemanage/genhomedircon: check usepasswd in add_user
2020-10-27 17:34 ` Petr Lautrbach
@ 2020-10-27 17:45 ` Vit Mojzis
2020-10-29 10:48 ` Petr Lautrbach
0 siblings, 1 reply; 9+ messages in thread
From: Vit Mojzis @ 2020-10-27 17:45 UTC (permalink / raw)
To: selinux
Only add user homedir context entry when usepasswd = True
Resolves:
#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
#useradd -Z unconfined_u -d /tmp test
#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
libsemanage/src/genhomedircon.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..19dfb7b0 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -966,6 +966,9 @@ static int add_user(genhomedircon_settings_t * s,
}
}
+ if (!(s->usepasswd))
+ return STATUS_SUCCESS;
+
int retval = STATUS_ERR;
char *rbuf = NULL;
--
2.25.4
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] libsemanage/genhomedircon: check usepasswd in add_user
2020-10-27 17:45 ` Vit Mojzis
@ 2020-10-29 10:48 ` Petr Lautrbach
2020-10-29 17:27 ` [PATCH] libsemanage/genhomedircon: check usepasswd Vit Mojzis
2020-10-29 17:28 ` Vit Mojzis
0 siblings, 2 replies; 9+ messages in thread
From: Petr Lautrbach @ 2020-10-29 10:48 UTC (permalink / raw)
To: selinux; +Cc: Vit Mojzis
[-- Attachment #1: Type: text/plain, Size: 1101 bytes --]
On Tue, Oct 27, 2020 at 06:45:39PM +0100, Vit Mojzis wrote:
> Only add user homedir context entry when usepasswd = True
>
> Resolves:
> #cat /etc/selinux/semanage.conf | grep usepasswd
> usepasswd=False
> #useradd -Z unconfined_u -d /tmp test
> #matchpathcon /tmp
> /tmp unconfined_u:object_r:user_home_dir_t:s0
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
> libsemanage/src/genhomedircon.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index d08c88de..19dfb7b0 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -966,6 +966,9 @@ static int add_user(genhomedircon_settings_t * s,
> }
> }
>
> + if (!(s->usepasswd))
> + return STATUS_SUCCESS;
> +
> int retval = STATUS_ERR;
>
> char *rbuf = NULL;
> --
> 2.25.4
>
add_user() seems to be too deep. Would it make sense to (s->usepasswd) in
write_context_file() as part of a condition on line 1338:
if (user_context_tpl || username_context_tpl) {
?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] libsemanage/genhomedircon: check usepasswd
2020-10-29 10:48 ` Petr Lautrbach
@ 2020-10-29 17:27 ` Vit Mojzis
2020-10-29 17:28 ` Vit Mojzis
1 sibling, 0 replies; 9+ messages in thread
From: Vit Mojzis @ 2020-10-29 17:27 UTC (permalink / raw)
To: selinux
Only add user homedir contexts when usepasswd = True
Resolves:
\#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
\#useradd -Z unconfined_u -d /tmp test
\#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
---
libsemanage/src/genhomedircon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..fc75fa8c 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
s->fallback->home = NULL;
}
}
- if (user_context_tpl || username_context_tpl) {
+ if (!(s->usepasswd) && (user_context_tpl || username_context_tpl)) {
if (write_username_context(s, out, username_context_tpl,
s->fallback) != STATUS_SUCCESS) {
retval = STATUS_ERR;
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH] libsemanage/genhomedircon: check usepasswd
2020-10-29 10:48 ` Petr Lautrbach
2020-10-29 17:27 ` [PATCH] libsemanage/genhomedircon: check usepasswd Vit Mojzis
@ 2020-10-29 17:28 ` Vit Mojzis
2020-10-30 12:33 ` Petr Lautrbach
1 sibling, 1 reply; 9+ messages in thread
From: Vit Mojzis @ 2020-10-29 17:28 UTC (permalink / raw)
To: selinux
Only add user homedir contexts when usepasswd = True
Resolves:
#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
#useradd -Z unconfined_u -d /tmp test
#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
libsemanage/src/genhomedircon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..fc75fa8c 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
s->fallback->home = NULL;
}
}
- if (user_context_tpl || username_context_tpl) {
+ if (!(s->usepasswd) && (user_context_tpl || username_context_tpl)) {
if (write_username_context(s, out, username_context_tpl,
s->fallback) != STATUS_SUCCESS) {
retval = STATUS_ERR;
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] libsemanage/genhomedircon: check usepasswd
2020-10-29 17:28 ` Vit Mojzis
@ 2020-10-30 12:33 ` Petr Lautrbach
2020-10-30 16:42 ` [PATCH v2] " Vit Mojzis
0 siblings, 1 reply; 9+ messages in thread
From: Petr Lautrbach @ 2020-10-30 12:33 UTC (permalink / raw)
To: selinux; +Cc: Vit Mojzis
[-- Attachment #1: Type: text/plain, Size: 1217 bytes --]
On Thu, Oct 29, 2020 at 06:28:45PM +0100, Vit Mojzis wrote:
> Only add user homedir contexts when usepasswd = True
>
> Resolves:
> #cat /etc/selinux/semanage.conf | grep usepasswd
> usepasswd=False
> #useradd -Z unconfined_u -d /tmp test
> #matchpathcon /tmp
> /tmp unconfined_u:object_r:user_home_dir_t:s0
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
> libsemanage/src/genhomedircon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index d08c88de..fc75fa8c 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
> s->fallback->home = NULL;
> }
> }
> - if (user_context_tpl || username_context_tpl) {
> + if (!(s->usepasswd) && (user_context_tpl || username_context_tpl)) {
I guess this condition is reversed - we want to write user contexts when usepasswd is True
> if (write_username_context(s, out, username_context_tpl,
> s->fallback) != STATUS_SUCCESS) {
> retval = STATUS_ERR;
> --
> 2.26.2
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] libsemanage/genhomedircon: check usepasswd
2020-10-30 12:33 ` Petr Lautrbach
@ 2020-10-30 16:42 ` Vit Mojzis
2020-11-10 6:25 ` Petr Lautrbach
0 siblings, 1 reply; 9+ messages in thread
From: Vit Mojzis @ 2020-10-30 16:42 UTC (permalink / raw)
To: selinux
Only add user homedir contexts when usepasswd = True
Resolves:
#cat /etc/selinux/semanage.conf | grep usepasswd
usepasswd=False
#useradd -Z unconfined_u -d /tmp test
#matchpathcon /tmp
/tmp unconfined_u:object_r:user_home_dir_t:s0
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
v2 - invert condition as suggested by plautrba
libsemanage/src/genhomedircon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index d08c88de..18d3d99a 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
s->fallback->home = NULL;
}
}
- if (user_context_tpl || username_context_tpl) {
+ if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
if (write_username_context(s, out, username_context_tpl,
s->fallback) != STATUS_SUCCESS) {
retval = STATUS_ERR;
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH v2] libsemanage/genhomedircon: check usepasswd
2020-10-30 16:42 ` [PATCH v2] " Vit Mojzis
@ 2020-11-10 6:25 ` Petr Lautrbach
0 siblings, 0 replies; 9+ messages in thread
From: Petr Lautrbach @ 2020-11-10 6:25 UTC (permalink / raw)
To: selinux; +Cc: Vit Mojzis
[-- Attachment #1: Type: text/plain, Size: 1282 bytes --]
On Fri, Oct 30, 2020 at 05:42:17PM +0100, Vit Mojzis wrote:
> Only add user homedir contexts when usepasswd = True
>
> Resolves:
> #cat /etc/selinux/semanage.conf | grep usepasswd
> usepasswd=False
> #useradd -Z unconfined_u -d /tmp test
> #matchpathcon /tmp
> /tmp unconfined_u:object_r:user_home_dir_t:s0
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
Merged with slightly changed commit message, thanks!
> ---
> v2 - invert condition as suggested by plautrba
>
> libsemanage/src/genhomedircon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index d08c88de..18d3d99a 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
> s->fallback->home = NULL;
> }
> }
> - if (user_context_tpl || username_context_tpl) {
> + if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
> if (write_username_context(s, out, username_context_tpl,
> s->fallback) != STATUS_SUCCESS) {
> retval = STATUS_ERR;
> --
> 2.26.2
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-11-10 6:25 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-27 16:53 [PATCH] libsemanage/genhomedircon: check usepasswd in add_user Vit Mojzis
2020-10-27 17:34 ` Petr Lautrbach
2020-10-27 17:45 ` Vit Mojzis
2020-10-29 10:48 ` Petr Lautrbach
2020-10-29 17:27 ` [PATCH] libsemanage/genhomedircon: check usepasswd Vit Mojzis
2020-10-29 17:28 ` Vit Mojzis
2020-10-30 12:33 ` Petr Lautrbach
2020-10-30 16:42 ` [PATCH v2] " Vit Mojzis
2020-11-10 6:25 ` Petr Lautrbach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.