James Carter <jwcart2@xxxxxxxxx> writes:
> On Tue, Nov 26, 2024 at 5:46 AM Christian Göttsche
> <cgoettsche@xxxxxxxxxxxxx> wrote:
>>
>> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>>
>> Consider paths with the prefix /usr for shells by including them in the
>> list of fallback default shells and by extending the check for a nologin
>> shell.
>>
>> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> For these nine patches:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
It's merged now. Thanks!
>> ---
>> libsemanage/src/genhomedircon.c | 32 +++++++++++++++++++++++---------
>> 1 file changed, 23 insertions(+), 9 deletions(-)
>>
>> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
>> index 19543799..8782e2cb 100644
>> --- a/libsemanage/src/genhomedircon.c
>> +++ b/libsemanage/src/genhomedircon.c
>> @@ -192,15 +192,23 @@ static semanage_list_t *default_shell_list(void)
>> semanage_list_t *list = NULL;
>>
>> if (semanage_list_push(&list, "/bin/csh")
>> + || semanage_list_push(&list, "/usr/bin/csh")
>> || semanage_list_push(&list, "/bin/tcsh")
>> + || semanage_list_push(&list, "/usr/bin/tcsh")
>> || semanage_list_push(&list, "/bin/ksh")
>> + || semanage_list_push(&list, "/usr/bin/ksh")
>> || semanage_list_push(&list, "/bin/bsh")
>> + || semanage_list_push(&list, "/usr/bin/bsh")
>> || semanage_list_push(&list, "/bin/ash")
>> - || semanage_list_push(&list, "/usr/bin/ksh")
>> + || semanage_list_push(&list, "/usr/bin/ash")
>> + || semanage_list_push(&list, "/bin/pdksh")
>> || semanage_list_push(&list, "/usr/bin/pdksh")
>> || semanage_list_push(&list, "/bin/zsh")
>> + || semanage_list_push(&list, "/usr/bin/zsh")
>> || semanage_list_push(&list, "/bin/sh")
>> - || semanage_list_push(&list, "/bin/bash"))
>> + || semanage_list_push(&list, "/usr/bin/sh")
>> + || semanage_list_push(&list, "/bin/bash")
>> + || semanage_list_push(&list, "/usr/bin/bash"))
>> goto fail;
>>
>> return list;
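Review bot: The fallback list in default_shell_list() is now an eighteen-term `||` chain in which each /bin entry has to be matched by hand with its /usr/bin twin, so a missing or mistyped pair is easy to overlook in review. A constant table walked by a loop keeps the same push order and the same `goto fail` handling while making the pairs visible side by side. The function's `fail` label and its cleanup are outside this hunk, so the sketch below assumes they stay as they are.

```c
static const char *const fallback_shells[] = {
	"/bin/csh",   "/usr/bin/csh",
	"/bin/tcsh",  "/usr/bin/tcsh",
	"/bin/ksh",   "/usr/bin/ksh",
	"/bin/bsh",   "/usr/bin/bsh",
	"/bin/ash",   "/usr/bin/ash",
	"/bin/pdksh", "/usr/bin/pdksh",
	"/bin/zsh",   "/usr/bin/zsh",
	"/bin/sh",    "/usr/bin/sh",
	"/bin/bash",  "/usr/bin/bash",
};

/* … unchanged: declaration of list … */
for (size_t i = 0; i < sizeof(fallback_shells) / sizeof(fallback_shells[0]); i++) {
	if (semanage_list_push(&list, fallback_shells[i]))
		goto fail;
}
/* … unchanged: return list and the fail path … */
```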
>> @@ -210,6 +218,12 @@ static semanage_list_t *default_shell_list(void)
>> return NULL;
>> }
>>
>> +static bool is_nologin_shell(const char *path)
>> +{
>> + return strcmp(path, PATH_NOLOGIN_SHELL) == 0 ||
>> + strcmp(path, "/usr" PATH_NOLOGIN_SHELL) == 0;
>> +}
>> +
>> static semanage_list_t *get_shell_list(void)
>> {
>> FILE *shells;
>> @@ -223,13 +237,13 @@ static semanage_list_t *get_shell_list(void)
>> return default_shell_list();
>> while ((len = getline(&temp, &buff_len, shells)) > 0) {
>> if (temp[len-1] == '\n') temp[len-1] = 0;
>> - if (strcmp(temp, PATH_NOLOGIN_SHELL)) {
>> - if (semanage_list_push(&list, temp)) {
>> - free(temp);
>> - semanage_list_destroy(&list);
>> - fclose(shells);
>> - return NULL;
>> - }
>> + if (is_nologin_shell(temp))
>> + continue;
>> + if (semanage_list_push(&list, temp)) {
>> + free(temp);
>> + semanage_list_destroy(&list);
>> + fclose(shells);
>> + return NULL;
>> }
>> }
>> free(temp);
>> --
>> 2.45.2
>>
>>
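Review bot: is_nologin_shell() carries no comment saying what it matches, and its second comparison builds the literal as `"/usr" PATH_NOLOGIN_SHELL`, which only compiles and only means what is intended if the macro is a string literal holding an absolute path; the macro's definition is outside this hunk. I would document that contract on the helper, e.g. `/* True if path is PATH_NOLOGIN_SHELL or the same path under /usr. PATH_NOLOGIN_SHELL must be a string literal starting with '/'; path must not be NULL. */`. The match is exact, so a nologin binary listed under any other path is still accepted as a login shell by the caller, and the comment should say so.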
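Review bot: In get_shell_list() the new `is_nologin_shell(temp)` test sees the line exactly as read, with only a trailing '\n' removed, so an entry followed by a space, a tab or a '\r' does not match and is pushed onto the list as a valid login shell. Blank lines and '#' comment lines from the shells file are pushed the same way, which predates this patch but passes through the restructured loop unchanged. Trimming and rejecting non-path lines before the comparison would close both gaps: `while (len > 0 && isspace((unsigned char)temp[len-1])) temp[--len] = 0;` followed by `if (temp[0] != '/') continue;`. The function starts and ends outside this hunk, so the file being read and the type of `len` are taken from context rather than seen here.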