users_extra is needed by genhomedircon and when listing seusers, so it
must be kept in the policy store. Also move the FC_TMPL unlink() closer
to where the FC_TMPL is created; not a functional change, but eaiser to
follow.
Signed-off-by: Steve Lawrence <slawrence@xxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
libsemanage/src/direct_api.c | 7 +++----
libsemanage/utils/semanage_migrate_store | 1 +
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 6e49cae..68dd0d1 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1272,6 +1272,9 @@ static int semanage_direct_commit(semanage_handle_t * sh)
if (retval < 0)
goto cleanup;
+ /* remove FC_TMPL now that it is now longer needed */
+ unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+
pfcontexts->dtable->drop_cache(pfcontexts->dbase);
/* SEUsers */
@@ -1413,10 +1416,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
sepol_policydb_free(out);
out = NULL;
- /* remove files that are automatically generated and no longer needed */
- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
- unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
-
if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
retval = semanage_install_sandbox(sh);
}
diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
index 297c71b..b5eefaa 100755
--- a/libsemanage/utils/semanage_migrate_store
+++ b/libsemanage/utils/semanage_migrate_store
@@ -247,6 +247,7 @@ if __name__ == "__main__":
"file_contexts.local",
"seusers",
"users.local",
+ "users_extra",
"users_extra.local",
"disable_dontaudit",
"preserve_tunables",
--
2.4.3
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
