SSSD / sssd

Clone

e7e942c SELINUX: Always add SELinux user to the semanage database if it doesn't exist

Authored and Committed by jhrozek 5 years ago
raw patch tree parent
5 files changed. 41 lines added. 2 lines removed.
src/providers/ipa/selinux_child.c
file modified
+8 -2
src/util/sss_semanage.c
file modified
+30 -0
src/util/util.h
file modified
+1 -0
src/util/util_errors.c
file modified
+1 -0
src/util/util_errors.h
file modified
+1 -0 
    SELINUX: Always add SELinux user to the semanage database if it doesn't exist
    
    Previously, we tried to optimize too much and only set the SELinux user
    to Linux user mapping in case the SELinux user was different from the
    system default. But this doesn't work for the case where the Linux user
    has a non-standard home directory, because then SELinux would not have
    any idea that this user's home directory should be labeled as a home
    directory.
    
    This patch relaxes the optimization in the sense that on the first
    login, the SELinux context is saved regardless of whether it is the same
    as the default or different.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3819
    
    Reviewed-by: Michal Židek <mzidek@redhat.com>
    (cherry picked from commit 945865ae16120ffade267227ca48cefd58822fd2)
file modified
+8 -2
file modified
+30 -0
file modified
+1 -0
file modified
+1 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.