From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Consider paths with the prefix /usr for shells by including them in the list of fallback default shells and by extending the check for a nologin shell.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 19543799..8782e2cb 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void)
 semanage_list_t *list = NULL;
 if (semanage_list_push(&list, "/bin/csh")
+ || semanage_list_push(&list, "/usr/bin/csh")
 || semanage_list_push(&list, "/bin/tcsh")
+ || semanage_list_push(&list, "/usr/bin/tcsh")
 || semanage_list_push(&list, "/bin/ksh")
+ || semanage_list_push(&list, "/usr/bin/ksh")
 || semanage_list_push(&list, "/bin/bsh")
+ || semanage_list_push(&list, "/usr/bin/bsh")
 || semanage_list_push(&list, "/bin/ash")
- || semanage_list_push(&list, "/usr/bin/ksh")
+ || semanage_list_push(&list, "/usr/bin/ash")
+ || semanage_list_push(&list, "/bin/pdksh")
 || semanage_list_push(&list, "/usr/bin/pdksh")
 || semanage_list_push(&list, "/bin/zsh")
+ || semanage_list_push(&list, "/usr/bin/zsh")
 || semanage_list_push(&list, "/bin/sh")
- || semanage_list_push(&list, "/bin/bash"))
+ || semanage_list_push(&list, "/usr/bin/sh")
+ || semanage_list_push(&list, "/bin/bash")
+ || semanage_list_push(&list, "/usr/bin/bash"))
 goto fail;
 return list;
@@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void)
 return NULL;
 }
+static bool is_nologin_shell(const char *path)
+{
+ return strcmp(path, PATH_NOLOGIN_SHELL) == 0 ||
+ strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0;
+}
+
 static semanage_list_t *get_shell_list(void)
 {
 FILE *shells;
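Review bot: The fallback list in default_shell_list() is now a chain of eighteen `semanage_list_push()` calls joined by `||`, and every /bin entry has to be kept in step with its /usr/bin twin by hand; the ksh/pdksh asymmetry this hunk corrects is the kind of drift that form invites. A `static const` table walked by a loop keeps the pairs side by side and leaves the `goto fail` handling in one place, with the push order unchanged. This assumes semanage_list_push() accepts a `const char *`, as the literal arguments suggest; the `fail:` label lies between this hunk and the next and is not shown.

```c
	static const char *const fallback_shells[] = {
		"/bin/csh",   "/usr/bin/csh",
		"/bin/tcsh",  "/usr/bin/tcsh",
		/* … unchanged: remaining /bin and /usr/bin pairs, same order as the hunk … */
		"/bin/bash",  "/usr/bin/bash",
	};
	semanage_list_t *list = NULL;
	size_t i;

	for (i = 0; i < sizeof(fallback_shells) / sizeof(fallback_shells[0]); i++) {
		if (semanage_list_push(&list, fallback_shells[i]))
			goto fail;
	}
	return list;
```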
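Review bot: is_nologin_shell() has no comment, and its second comparison depends on something a reader cannot see in this hunk: `"/usr" PATH_NOLOGIN_SHELL` only compiles, and only yields the intended path, if PATH_NOLOGIN_SHELL is a string-literal macro holding an absolute path. I would add above the function `/* True if path is the nologin shell, with or without the /usr prefix; only these two exact spellings match. */`. Because the match is exact, any other spelling of a non-login shell listed in the shells file is still treated as a login shell; whether that matters depends on callers outside this hunk. The function also returns `bool`, so <stdbool.h> must already be included in this file, which the diff does not show.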
@@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void)
 return default_shell_list();
 while ((len = getline(&temp, &buff_len, shells)) > 0) {
 if (temp[len-1] == '\n') temp[len-1] = 0;
- if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
- if (semanage_list_push(&list, temp)) {
- free(temp);
- semanage_list_destroy(&list);
- fclose(shells);
- return NULL;
- }
+ if (is_nologin_shell(temp))
+ continue;
+ if (semanage_list_push(&list, temp)) {
+ free(temp);
+ semanage_list_destroy(&list);
+ fclose(shells);
+ return NULL;
 }
 }
 free(temp);
-- 
2.45.2
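Review bot: Blank lines and `#` comment lines from the shells file still reach `semanage_list_push()` in the new loop, because the only filter between the newline strip and the push is `is_nologin_shell(temp)`. A blank line becomes the empty string after `temp[len-1] = 0`, and a comment line is pushed verbatim as if it were a shell path. Adding `if (temp[0] == '\0' || temp[0] == '#') continue;` next to the nologin check would keep the list to real paths. The exact comparison also means an entry carrying trailing whitespace or a carriage return is not recognised as nologin. get_shell_list() begins before and ends after this hunk, so how the resulting list is consumed is not visible here.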