#3732 Fix few bugs in selinux child
Merged 5 years ago by jhrozek. Opened 5 years ago by lslebodn.
SSSD/ lslebodn/sssd selinux_child  into  master

@@ -263,6 +263,22 @@ 

            "Running with effective IDs: [%"SPRIuid"][%"SPRIgid"].\n",

            geteuid(), getegid());

  

+     /* The functions semanage_genhomedircon and getseuserbyname use gepwnam_r

+      * and they might fail to return values if they are not in memory cache.

+      *   [main] (0x0400): performing selinux operations

+      *   [seuser_needs_update] (0x2000): getseuserbyname: ret: 0

+      *                                   seuser: unconfined_u mls: s0-s0:c0.c15

+      *   [libsemanage] (0x0020): semanage_genhomedircon returned error code -1.

+      *   [sss_set_seuser] (0x0020): Cannot commit SELinux transaction

+      *   [main] (0x0020): Cannot set SELinux login context.

+      *   [main] (0x0020): selinux_child failed!

+      */

+     if (unsetenv("_SSS_LOOPS") != 0) {

+         DEBUG(SSSDBG_CRIT_FAILURE,

+               "Failed to unset _SSS_LOOPS, some libsemanage functions might "

+               "fail.\n");

+     }

+ 

      /* libsemanage calls access(2) which works with real IDs, not effective.

       * We need to switch also the real ID to 0.

       */
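Review bot: The new comment above the `unsetenv("_SSS_LOOPS")` call shows the failure log but never says what `_SSS_LOOPS` is or why removing it helps, and it misspells `getpwnam_r` as `gepwnam_r`. As far as I know the variable is the loop guard read by the SSSD NSS client, so I would open the comment with something like `/* _SSS_LOOPS makes the sss NSS module skip lookups; clear it so getpwnam_r can reach the responder on a memory-cache miss. */`. Clearing it also means this helper, which runs with elevated IDs, now sends NSS requests back to SSSD while its caller waits on it, so it is worth confirming that a cache miss cannot stall on the same back end. The failure branch only logs and continues, which looks deliberate; the enclosing function starts and ends outside the hunk.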

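--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -341,7 +341,9 @@
 
     ret = EOK;
 done:
-    semanage_seuser_key_free(key);
+    if (key != NULL {
+        semanage_seuser_key_free(key);
+    }
     sss_semanage_close(handle);
     return ret;
 }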
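Review bot: The guard added before `semanage_seuser_key_free(key)` is only sound if `key` is initialised to NULL at its declaration, which is above this hunk; an early `goto done` with an indeterminate pointer would still reach the free call. Please confirm the declaration reads `semanage_seuser_key_t *key = NULL;`, and consider a one-line comment at the guard such as `/* key stays NULL when we jump to done before the key is created */`. `sss_semanage_close(handle)` on the following line remains unconditional, so the same question applies to `handle` unless that helper tolerates NULL. The function body starts outside the hunk.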

no initial comment

rebased onto 9a9bfd2

5 years ago

ACK to both.

And I'm sorry it took me so long to get to the review.

Actually it's good that I at least compile patches before pushing :)

/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c: In function ‘sss_set_seuser’:
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:344:21: error: expected ‘)’ before ‘{’ token
     if (key != NULL {
                     ^
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:349:1: error: expected expression before ‘}’ token
 }
 ^
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:349:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
make[2]: *** [Makefile:25820: src/util/selinux_child-sss_semanage.o] Error 1
make[2]: *** Waiting for unfinished jobs....
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c: In function ‘sss_set_seuser’:
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:344:21: error: expected ‘)’ before ‘{’ token
     if (key != NULL {
                     ^
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:349:1: error: expected expression before ‘}’ token
 }
 ^
/home/remote/jhrozek/devel/sssd/src/util/sss_semanage.c:349:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^

Let me know if you want to fix this or if I should.

Commit 51c6c48 fixes this pull-request

Pull-Request has been merged by jhrozek

5 years ago

Commit 92addd7 fixes this pull-request

Pull-Request has been merged by jhrozek

5 years ago

I fixed the typo and pushed the patches; thank you very much for the contribution