* I think it is time to turn off default user handling in libselinux
@ 2010-12-13 18:28 Daniel J Walsh
2010-12-16 19:19 ` Chad Sellers
From: Daniel J Walsh @ 2010-12-13 18:28 UTC (permalink / raw)
To: 'Chad Sellers', SELinux
[-- Attachment #1: Type: text/plain, Size: 476 bytes --]
This patch will turn this handling off. Meaning you will not end up
with some bizarro context and fail to login if the login program can not
figure how to log you in.
[-- Attachment #2: libselinux-defaultuser.patch --]
[-- Type: text/plain, Size: 1235 bytes --]
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
index a50fca8..37d80f2 100644
--- a/libselinux/src/get_context_list.c
+++ b/libselinux/src/get_context_list.c
@@ -286,7 +286,6 @@ static int get_failsafe_context(const char *user, security_context_t * newcon)
if (buf[plen - 1] == '\n')
buf[plen - 1] = 0;
- retry:
nlen = strlen(user) + 1 + plen + 1;
*newcon = malloc(nlen);
if (!(*newcon))
@@ -306,10 +305,6 @@ static int get_failsafe_context(const char *user, security_context_t * newcon)
if (security_check_context(*newcon) && errno != ENOENT) {
free(*newcon);
*newcon = 0;
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
- user = SELINUX_DEFAULTUSER;
- goto retry;
- }
return -1;
}
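Review bot: In the security_check_context() failure branch of get_failsafe_context(), with the SELINUX_DEFAULTUSER retry gone the function frees *newcon and returns -1 with nothing recording why, and free() is not guaranteed to leave errno untouched before the caller reads it. Consider saving errno across the free() or logging the rejected context, so a login program can report that the failsafe context was not valid for this user. If this hunk and the get_ordered_context_list() hunk remove the last uses of SELINUX_DEFAULTUSER, its definition could be dropped in the same patch.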
@@ -418,13 +413,8 @@ int get_ordered_context_list(const char *user,
/* Determine the set of reachable contexts for the user. */
rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0) {
- /* Retry with the default SELinux user identity. */
- user = SELINUX_DEFAULTUSER;
- rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0)
- goto failsafe;
- }
+ if (rc < 0)
+ goto failsafe;
nreach = 0;
for (ptr = reachable; *ptr; ptr++)
nreach++;
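Review bot: The new "if (rc < 0) goto failsafe;" in get_ordered_context_list() loses the only comment on this branch, and the behaviour change is not documented anywhere in the patch: a user that security_compute_user() cannot resolve now goes straight to the failsafe path instead of being retried as SELINUX_DEFAULTUSER. Add a one-line comment on the branch and note the change wherever this function's behaviour is documented, since callers that relied on the default-user fallback may now get an error where they previously got a context.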
* Re: I think it is time to turn off default user handling in libselinux
2010-12-13 18:28 I think it is time to turn off default user handling in libselinux Daniel J Walsh
@ 2010-12-16 19:19 ` Chad Sellers
From: Chad Sellers @ 2010-12-16 19:19 UTC (permalink / raw)
To: Daniel J Walsh, SELinux
On 12/13/10 1:28 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:
> This patch will turn this handling off. Meaning you will not end up
> with some bizarro context and fail to login if the login program can not
> figure how to log you in.
I agree. In fact, I'd love to rework the entire process of computing a login
context at some point.
In the meantime, this patch looks good to me. Merged as of libselinux
2.0.98.
Acked-by: Chad Sellers <csellers@tresys.com>