On Tue, Oct 27, 2020 at 06:45:39PM +0100, Vit Mojzis wrote: > Only add user homedir context entry when usepasswd = True > > Resolves: > #cat /etc/selinux/semanage.conf | grep usepasswd > usepasswd=False > #useradd -Z unconfined_u -d /tmp test > #matchpathcon /tmp > /tmp unconfined_u:object_r:user_home_dir_t:s0 > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx> > --- > libsemanage/src/genhomedircon.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c > index d08c88de..19dfb7b0 100644 > --- a/libsemanage/src/genhomedircon.c > +++ b/libsemanage/src/genhomedircon.c > @@ -966,6 +966,9 @@ static int add_user(genhomedircon_settings_t * s, > } > } > > + if (!(s->usepasswd)) > + return STATUS_SUCCESS; > + > int retval = STATUS_ERR; > > char *rbuf = NULL; > -- > 2.25.4 > add_user() seems to be too deep. Would it make sense to (s->usepasswd) in write_context_file() as part of a condition on line 1338: if (user_context_tpl || username_context_tpl) { ?
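Review bot: The early return added to add_user() sits directly above `int retval = STATUS_ERR;`, so the function now has a statement ahead of its remaining declarations, and it leaves through a bare `return STATUS_SUCCESS;` rather than a shared exit path. Confirm that nothing set up in the block that closes just above the new lines needs releasing when usepasswd is off. A one-line comment stating that the user homedir context entry is only added when usepasswd is enabled would explain the silent success, and the extra parentheses in `!(s->usepasswd)` can be dropped.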