1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Date: Sat, 22 Jun 2024 17:39:41 +0200
Subject: cppw: add selinux support
Status wrt upstream: cppw is not available upstream.
Needs to be reviewed by an SE-Linux aware person.
Gbp-Topic: debian
---
src/cppw.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/cppw.c b/src/cppw.c
index beb4c36..2cbbbc0 100644
--- a/src/cppw.c
+++ b/src/cppw.c
@@ -34,6 +34,9 @@
#include <sys/types.h>
#include <signal.h>
#include <utime.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
#include "exitcodes.h"
#include "prototypes.h"
#include "pwio.h"
@@ -139,6 +142,22 @@ static void cppwcopy (const char *file,
if (access (file, F_OK) != 0) {
cppwexit (file, 1, 1);
}
+#ifdef WITH_SELINUX
+ /* if SE Linux is enabled then set the context of all new files
+ * to be the context of the file we are editing */
+ if (is_selinux_enabled () > 0) {
+ security_context_t passwd_context=NULL;
+ int ret = 0;
+ if (getfilecon (file, &passwd_context) < 0) {
+ cppwexit (_("Couldn't get file context"), errno, 1);
+ }
+ ret = setfscreatecon (passwd_context);
+ freecon (passwd_context);
+ if (0 != ret) {
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
if (file_lock () == 0) {
cppwexit (_("Couldn't lock file"), 0, 5);
}
@@ -167,6 +186,15 @@ static void cppwcopy (const char *file,
cppwexit (NULL,0,1);
}
+#ifdef WITH_SELINUX
+ /* unset the fscreatecon */
+ if (is_selinux_enabled () > 0) {
+ if (setfscreatecon (NULL)) {
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
+ }
+ }
+#endif /* WITH_SELINUX */
+
(*file_unlock) ();
}
|
