On Wed, 2008-01-23 at 08:53 -0500, Caleb Case wrote: > Removing failure condition in write_context_file when HOME_DIR or > HOME_ROOT are not found in the contexts. This condition is not needed > (the case where the lists are empty is handled correctly) and stops > otherwise valid operations: > > On a fresh policy store, without any modules loaded: > > # semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp > libsemanage.semanage_install_sandbox: semanage_genhomedircon returned > error code -1. No such file or directory. > semodule: Failed! > > --- > src/genhomedircon.c | 4 ---- > 1 file changed, 4 deletions(-) > > Index: libsemanage/src/genhomedircon.c > =================================================================== > --- libsemanage.orig/src/genhomedircon.c > +++ libsemanage/src/genhomedircon.c 
> @@ -792,10 +792,6 @@ static int write_context_file(genhomedir > homedir_context_tpl = make_template(s, &HOME_DIR_PRED); > homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED); > user_context_tpl = make_template(s, &USER_CONTEXT_PRED); > - if (!homedir_context_tpl || !homeroot_context_tpl) { > - retval = STATUS_ERR; > - goto done; > - } Do we even need to proceed here in this case, or can we immediately bail with STATUS_SUCCESS from this function (or at least skip some of the later processing)? Otherwise, looks like it will end up calling write_home_dir_context() and generating at least the comment lines even if the list is empty? > > if (setup_fallback_user(s) != 0) { > retval = STATUS_ERR; > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. -- Stephen Smalley National Security Agency
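Review bot: In the @@ -792 hunk of write_context_file(), removing the `if (!homedir_context_tpl || !homeroot_context_tpl)` check means a NULL result from make_template() is now always read as "no matching contexts", and nothing in the visible lines distinguishes that from make_template() failing for another reason. If make_template() can also return NULL on an error, that error now passes silently into the later processing. Consider having it report errors separately from an empty result, or at least adding a comment at the three make_template() calls stating that NULL is an expected, valid value and where the empty case is handled, since user_context_tpl is likewise unchecked here.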