From: Daniel J Walsh <dwalsh@redhat.com>
To: SELinux <selinux@tycho.nsa.gov>
Subject: Patch to run genhomedircon without looking at /etc/passwd
Date: Thu, 25 Feb 2010 16:08:28 -0500
Message-ID: <4B86E6CC.9000405@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 419 bytes --]

I want to change the default of libsemanage to not look for home
directories in getpwent.  This patch allows you to set the flag
usepasswd=false in the semanage.conf file, and genhomedircon will only
set up the labeling of /home, /export/home and any confined users' homedirs.

If this patch is not acceptable because libsemanage is being rewritten, 
I would like the functionality to be added to the new libsemanage.

[-- Attachment #2: libsemanage_usepasswd.patch --]
[-- Type: text/plain, Size: 3072 bytes --]

diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index e885202..9b261b9 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -57,7 +57,7 @@ static int parse_errors;
 }
 
 %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
-%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN
+%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD
 %token BZIP_BLOCKSIZE BZIP_SMALL
 %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
 %token PROG_PATH PROG_ARGS
@@ -82,6 +82,7 @@ single_opt:     module_store
         |       save_previous
         |       save_linked
         |       disable_genhomedircon
+        |       usepasswd
         |       handle_unknown
 	|	bzip_blocksize
 	|	bzip_small
@@ -153,6 +154,17 @@ disable_genhomedircon: DISABLE_GENHOMEDIRCON '=' ARG {
 	free($3);
  }
 
+usepasswd: USEPASSWD '=' ARG {
+	if (strcasecmp($3, "false") == 0) {
+		current_conf->usepasswd = 0;
+	} else if (strcasecmp($3, "true") == 0) {
+		current_conf->usepasswd = 1;
+	} else {
+		yyerror("usepasswd can only be 'true' or 'false'");
+	}
+	free($3);
+ }
+
 handle_unknown: HANDLE_UNKNOWN '=' ARG {
 	if (strcasecmp($3, "deny") == 0) {
 		current_conf->handle_unknown = SEPOL_DENY_UNKNOWN;
@@ -252,6 +264,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
 	conf->policyvers = sepol_policy_kern_vers_max();
 	conf->expand_check = 1;
 	conf->handle_unknown = -1;
+	conf->usepasswd = 1;
 	conf->file_mode = 0644;
 	conf->bzip_blocksize = 9;
 	conf->bzip_small = 0;
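
Review bot: semanage_conf_init() sets `conf->usepasswd = 1`, so the default is unchanged and getpwent-based lookup stays on unless semanage.conf explicitly carries usepasswd=false, while the cover text says the goal is to change the default. Please state which is intended: if the new behaviour should be the default, initialise this to 0; if the opt-out is intended, reword the description so packagers know they have to ship the setting themselves.
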
diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
index 8af5137..e57119d 100644
--- a/libsemanage/src/conf-scan.l
+++ b/libsemanage/src/conf-scan.l
@@ -46,6 +46,7 @@ file-mode         return FILE_MODE;
 save-previous     return SAVE_PREVIOUS;
 save-linked       return SAVE_LINKED;
 disable-genhomedircon return DISABLE_GENHOMEDIRCON;
+usepasswd return USEPASSWD;
 handle-unknown    return HANDLE_UNKNOWN;
 bzip-blocksize	return BZIP_BLOCKSIZE;
 bzip-small	return BZIP_SMALL;
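
Review bot: the new keyword `usepasswd` breaks the naming pattern of the neighbouring options (`save-previous`, `disable-genhomedircon`, `handle-unknown`), which are all hyphenated, and the `return` is not column-aligned like the lines around it. Consider `use-passwd` or a similar hyphenated form before the name becomes part of the config format, and align the line with its neighbours. None of the four files touched here documents the new option, so a semanage.conf man page update belongs in the same patch.
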
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index fee6644..47834eb 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -959,7 +959,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
 	 * which requires the out policydb */
 	if (!sh->conf->disable_genhomedircon) {
 		if (out && (retval =
-		     semanage_genhomedircon(sh, out, 1)) != 0) {
+		     semanage_genhomedircon(sh, out, sh->conf->usepasswd)) != 0) {
 			ERR(sh, "semanage_genhomedircon returned error code %d.",
 			    retval);
 			goto cleanup;
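
Review bot: `sh->conf->usepasswd` is only read inside the `if (!sh->conf->disable_genhomedircon)` branch, so the new option is silently ignored whenever disable-genhomedircon is set. That is reasonable behaviour, but it should be stated where the option is documented, and the comment above this block would be a good place to note that the third argument is now configuration-driven rather than always 1.
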
diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
index 4118910..f58d9ac 100644
--- a/libsemanage/src/semanage_conf.h
+++ b/libsemanage/src/semanage_conf.h
@@ -38,6 +38,7 @@ typedef struct semanage_conf {
 	int save_previous;
 	int save_linked;
 	int disable_genhomedircon;
+	int usepasswd;
 	int handle_unknown;
 	mode_t file_mode;
 	int bzip_blocksize;
