shadow/selinux-flag.patch

From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001
From: "guiyao" <guiyao@huawei.com>
Date: Wed, 15 Apr 2020 15:41:18 -0400
Subject: [PATCH] selinux-flag

backport selinux flag patch and modified for new code
---
 lib/semanage.c |  7 ++++++
 src/useradd.c  | 69 ++++++++++++++++++++++++++++++----------------------------
 2 files changed, 43 insertions(+), 33 deletions(-)

diff --git a/lib/semanage.c b/lib/semanage.c
index e983f5f..7ec8969 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, const char *seuser_name)
 
 	ret = 0;
 
+	/* drop obsolete matchpathcon cache */
+	matchpathcon_fini();
+
 done:
 	semanage_seuser_key_free (key);
 	semanage_handle_destroy (handle);
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
 	}
 
 	ret = 0;
+
+	/* drop obsolete matchpathcon cache */
+	matchpathcon_fini();
+
 done:
 	semanage_handle_destroy (handle);
 	return ret;
diff --git a/src/useradd.c b/src/useradd.c
index b294439..47394a3 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2242,6 +2242,7 @@ static void create_mail (void)
  */
 int main (int argc, char **argv)
 {
+	int rv = E_SUCCESS;
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 	pam_handle_t *pamh = NULL;
@@ -2464,27 +2465,11 @@ int main (int argc, char **argv)
 
 	usr_update ();
 
-	if (mflg) {
-		create_home ();
-		if (home_added) {
-			copy_tree (def_template, prefix_user_home, false, false,
-			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
-		} else {
-			fprintf (stderr,
-			         _("%s: warning: the home directory %s already exists.\n"
-			           "%s: Not copying any file from skel directory into it.\n"),
-			         Prog, user_home, Prog);
-		}
-
-	}
-
-	/* Do not create mail directory for system accounts */
-	if (!rflg) {
-		create_mail ();
-	}
-
 	close_files ();
 
+	nscd_flush_cache ("passwd");
+	nscd_flush_cache ("group");
+
 	/*
 	 * tallylog_reset needs to be able to lookup
 	 * a valid existing user name,
@@ -2495,25 +2480,43 @@ int main (int argc, char **argv)
 	}
 
 #ifdef WITH_SELINUX
-	if (Zflg) {
-		if (set_seuser (user_name, user_selinux) != 0) {
-			fprintf (stderr,
-			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
-			         Prog, user_name, user_selinux);
+	if (Zflg && *user_selinux) {
+		if (is_selinux_enabled () > 0) {
+			if (set_seuser (user_name, user_selinux) != 0) {
+				fprintf (stderr,
+					_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
+					Prog, user_name, user_selinux);
 #ifdef WITH_AUDIT
-			audit_logger (AUDIT_ADD_USER, Prog,
-			              "adding SELinux user mapping",
-			              user_name, (unsigned int) user_id, 0);
-#endif				/* WITH_AUDIT */
-			fail_exit (E_SE_UPDATE);
+				audit_logger (AUDIT_ADD_USER, Prog,
+					"adding SELinux user mapping",
+					user_name, (unsigned int) user_id, 0);
+#endif                 /* WITH_AUDIT */
+				rv = E_SE_UPDATE;
+			}
 		}
 	}
-#endif				/* WITH_SELINUX */
+#endif
+
+	if (mflg) {
+		create_home ();
+		if (home_added) {
+			copy_tree (def_template, prefix_user_home, false, true,
+						(uid_t)-1, user_id, (gid_t)-1, user_gid);
+		} else {
+			fprintf (stderr,
+					_("%s: warning: the home directory already exists.\n"
+					"Not copying any file from skel directory into it.\n"),
+					Prog);
+		}
+	}
+
+	/* Do not create mail directory for system accounts */
+	if (!rflg) {
+		create_mail ();
+	}
 
-	nscd_flush_cache ("passwd");
-	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
-	return E_SUCCESS;
+	return rv;
 }
 
-- 
1.8.3.1
upgrade to 4.8.1 2020-05-11 11:48:31 +08:00			`From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001`
			`From: "guiyao" <guiyao@huawei.com>`
			`Date: Wed, 15 Apr 2020 15:41:18 -0400`
			`Subject: [PATCH] selinux-flag`

			`backport selinux flag patch and modified for new code`
			`---`
			`lib/semanage.c \| 7 ++++++`
			`src/useradd.c \| 69 ++++++++++++++++++++++++++++++----------------------------`
			`2 files changed, 43 insertions(+), 33 deletions(-)`

			`diff --git a/lib/semanage.c b/lib/semanage.c`
			`index e983f5f..7ec8969 100644`
			`--- a/lib/semanage.c`
			`+++ b/lib/semanage.c`
			`@@ -294,6 +294,9 @@ int set_seuser (const char login_name, const char seuser_name)`

			`ret = 0;`

			`+ /* drop obsolete matchpathcon cache */`
			`+ matchpathcon_fini();`
			`+`
			`done:`
			`semanage_seuser_key_free (key);`
			`semanage_handle_destroy (handle);`
			`@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)`
			`}`

			`ret = 0;`
			`+`
			`+ /* drop obsolete matchpathcon cache */`
			`+ matchpathcon_fini();`
			`+`
			`done:`
			`semanage_handle_destroy (handle);`
			`return ret;`
			`diff --git a/src/useradd.c b/src/useradd.c`
			`index b294439..47394a3 100644`
			`--- a/src/useradd.c`
			`+++ b/src/useradd.c`
			`@@ -2242,6 +2242,7 @@ static void create_mail (void)`
			`*/`
			`int main (int argc, char **argv)`
			`{`
			`+ int rv = E_SUCCESS;`
			`#ifdef ACCT_TOOLS_SETUID`
			`#ifdef USE_PAM`
			`pam_handle_t *pamh = NULL;`
			`@@ -2464,27 +2465,11 @@ int main (int argc, char **argv)`

			`usr_update ();`

			`- if (mflg) {`
			`- create_home ();`
			`- if (home_added) {`
			`- copy_tree (def_template, prefix_user_home, false, false,`
			`- (uid_t)-1, user_id, (gid_t)-1, user_gid);`
			`- } else {`
			`- fprintf (stderr,`
			`- _("%s: warning: the home directory %s already exists.\n"`
			`- "%s: Not copying any file from skel directory into it.\n"),`
			`- Prog, user_home, Prog);`
			`- }`
			`-`
			`- }`
			`-`
			`- /* Do not create mail directory for system accounts */`
			`- if (!rflg) {`
			`- create_mail ();`
			`- }`
			`-`
			`close_files ();`

			`+ nscd_flush_cache ("passwd");`
			`+ nscd_flush_cache ("group");`
			`+`
			`/*`
			`* tallylog_reset needs to be able to lookup`
			`* a valid existing user name,`
			`@@ -2495,25 +2480,43 @@ int main (int argc, char **argv)`
			`}`

			`#ifdef WITH_SELINUX`
			`- if (Zflg) {`
			`- if (set_seuser (user_name, user_selinux) != 0) {`
			`- fprintf (stderr,`
			`- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),`
			`- Prog, user_name, user_selinux);`
			`+ if (Zflg && *user_selinux) {`
			`+ if (is_selinux_enabled () > 0) {`
			`+ if (set_seuser (user_name, user_selinux) != 0) {`
			`+ fprintf (stderr,`
			`+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),`
			`+ Prog, user_name, user_selinux);`
			`#ifdef WITH_AUDIT`
			`- audit_logger (AUDIT_ADD_USER, Prog,`
			`- "adding SELinux user mapping",`
			`- user_name, (unsigned int) user_id, 0);`
			`-#endif /* WITH_AUDIT */`
			`- fail_exit (E_SE_UPDATE);`
			`+ audit_logger (AUDIT_ADD_USER, Prog,`
			`+ "adding SELinux user mapping",`
			`+ user_name, (unsigned int) user_id, 0);`
			`+#endif /* WITH_AUDIT */`
			`+ rv = E_SE_UPDATE;`
			`+ }`
			`}`
			`}`
			`-#endif /* WITH_SELINUX */`
			`+#endif`
			`+`
			`+ if (mflg) {`
			`+ create_home ();`
			`+ if (home_added) {`
			`+ copy_tree (def_template, prefix_user_home, false, true,`
			`+ (uid_t)-1, user_id, (gid_t)-1, user_gid);`
			`+ } else {`
			`+ fprintf (stderr,`
			`+ _("%s: warning: the home directory already exists.\n"`
			`+ "Not copying any file from skel directory into it.\n"),`
			`+ Prog);`
			`+ }`
			`+ }`
			`+`
			`+ /* Do not create mail directory for system accounts */`
			`+ if (!rflg) {`
			`+ create_mail ();`
			`+ }`

			`- nscd_flush_cache ("passwd");`
			`- nscd_flush_cache ("group");`
			`sssd_flush_cache (SSSD_DB_PASSWD \| SSSD_DB_GROUP);`

			`- return E_SUCCESS;`
			`+ return rv;`
			`}`

			`--`
			`1.8.3.1`