-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch will turn this handling off. Meaning you will not end up with some bizarro context and fail to login if the login program can not figure how to log you in. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0GZbEACgkQrlYvE4MpobOF7QCgsD1XYuNC6B5MyIezCZvN9mYL UX4AoOe9GsP3bhuvMBPea9LXeV/7tCPS =B9Pk -----END PGP SIGNATURE-----
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
index a50fca8..37d80f2 100644
--- a/libselinux/src/get_context_list.c
+++ b/libselinux/src/get_context_list.c
@@ -286,7 +286,6 @@ static int get_failsafe_context(const char *user, security_context_t * newcon)
if (buf[plen - 1] == '\n')
buf[plen - 1] = 0;
- retry:
nlen = strlen(user) + 1 + plen + 1;
*newcon = malloc(nlen);
if (!(*newcon))
@@ -306,10 +305,6 @@ static int get_failsafe_context(const char *user, security_context_t * newcon)
if (security_check_context(*newcon) && errno != ENOENT) {
free(*newcon);
*newcon = 0;
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
- user = SELINUX_DEFAULTUSER;
- goto retry;
- }
return -1;
}
@@ -418,13 +413,8 @@ int get_ordered_context_list(const char *user,
/* Determine the set of reachable contexts for the user. */
rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0) {
- /* Retry with the default SELinux user identity. */
- user = SELINUX_DEFAULTUSER;
- rc = security_compute_user(fromcon, user, &reachable);
- if (rc < 0)
- goto failsafe;
- }
+ if (rc < 0)
+ goto failsafe;
nreach = 0;
for (ptr = reachable; *ptr; ptr++)
nreach++;
Attachment:
libselinux-defaultuser.patch.sig
Description: PGP signature
