RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-26 07:52:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Laurent Bigonville fix to look at MAX_UID as well as MIN_UID in genhomedircon

Browse Source
This commit is contained in:
Dan Walsh 2013-10-09 16:39:52 -04:00 committed by Stephen Smalley
parent 874a976470
commit 1fbb15eb11
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libsemanage/src/genhomedircon.c
View File

@ -283,7 +283,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
char *rbuf = NULL; char *rbuf = NULL;
char *path = NULL; char *path = NULL;
long rbuflen; long rbuflen;
uid_t temp, minuid = 500; uid_t temp, minuid = 500, maxuid = 60000;
int minuid_set = 0; int minuid_set = 0;
struct passwd pwstorage, *pwbuf; struct passwd pwstorage, *pwbuf;
struct stat buf; struct stat buf;
@ -333,6 +333,14 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
free(path); free(path);
path = NULL; path = NULL;
path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MAX", NULL);
if (path && *path) {
temp = atoi(path);
maxuid = temp;
}
free(path);
path = NULL;
path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "="); path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "=");
if (path && *path) { if (path && *path) {
temp = atoi(path); temp = atoi(path);
@ -352,7 +360,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
goto fail; goto fail;
setpwent(); setpwent();
while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) { while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
if (pwbuf->pw_uid < minuid) if (pwbuf->pw_uid < minuid || pwbuf->pw_uid > maxuid)
continue; continue;
if (!semanage_list_find(shells, pwbuf->pw_shell)) if (!semanage_list_find(shells, pwbuf->pw_shell))
continue; continue;
@ -385,7 +393,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
/* NOTE: old genhomedircon printed a warning on match */ /* NOTE: old genhomedircon printed a warning on match */
if (hand.matched) { if (hand.matched) {
WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid); WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
} else { } else {
if (semanage_list_push(&homedir_list, path)) if (semanage_list_push(&homedir_list, path))
goto fail; goto fail;