]>
Commit | Line | Data |
---|---|---|
83f626c2 JR |
1 | --- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200 |
2 | +++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200 | |
3 | @@ -391,6 +391,28 @@ | |
4 | pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s", | |
5 | (const char *)username, user_context); | |
6 | } | |
7 | +#ifdef HAVE_SETKEYCREATECON | |
8 | + ret = setkeycreatecon(user_context); | |
9 | + if (ret==0 && verbose) { | |
10 | + char msg[PATH_MAX]; | |
11 | + snprintf(msg, sizeof(msg), | |
12 | + _("Key Creation Context %s Assigned"), user_context); | |
13 | + verbose_message(pamh, msg, debug); | |
14 | + } | |
15 | + if (ret) { | |
16 | + pam_syslog(pamh, LOG_ERR, | |
17 | + "Error! Unable to set %s key creation context %s.", | |
18 | + (const char *)username, user_context); | |
19 | + if (security_getenforce() == 1) { | |
20 | + freecon(user_context); | |
21 | + return PAM_AUTH_ERR; | |
22 | + } | |
23 | + } else { | |
24 | + if (debug) | |
25 | + pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s", | |
26 | + (const char *)username, user_context); | |
27 | + } | |
28 | +#endif | |
29 | freecon(user_context); | |
30 | ||
31 | return PAM_SUCCESS; | |
32 | --- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200 | |
33 | +++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200 | |
ed5cda94 | 34 | @@ -397,6 +397,11 @@ |
83f626c2 | 35 | AC_CHECK_FUNCS(getgrouplist getline getdelim) |
ed5cda94 | 36 | AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af) |
83f626c2 | 37 | |
ed5cda94 JR |
38 | +AC_CHECK_LIB([selinux],[setkeycreatecon], SETKEYCREATECON="yes", SETKEYCREATECON="") |
39 | +if test "$SETKEYCREATECON" == "yes" ; then | |
40 | + AC_DEFINE([HAVE_SETKEYCREATECON], 1, [Defined if SE Linux have setkeycreatecon function]) | |
41 | +fi | |
42 | + | |
83f626c2 JR |
43 | AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no]) |
44 | AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes]) | |
ed5cda94 | 45 |