From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001 From: "guiyao" Date: Wed, 15 Apr 2020 15:41:18 -0400 Subject: [PATCH] selinux-flag backport selinux flag patch and modified for new code --- lib/semanage.c | 7 ++++++ src/useradd.c | 69 ++++++++++++++++++++++++++++++---------------------------- 2 files changed, 43 insertions(+), 33 deletions(-) diff --git a/lib/semanage.c b/lib/semanage.c index e983f5f..7ec8969 100644 --- a/lib/semanage.c +++ b/lib/semanage.c @@ -294,6 +294,9 @@ int set_seuser (const char *login_name, const char *seuser_name) ret = 0; + /* drop obsolete matchpathcon cache */ + matchpathcon_fini(); + done: semanage_seuser_key_free (key); semanage_handle_destroy (handle); @@ -369,6 +372,10 @@ int del_seuser (const char *login_name) } ret = 0; + + /* drop obsolete matchpathcon cache */ + matchpathcon_fini(); + done: semanage_handle_destroy (handle); return ret; diff --git a/src/useradd.c b/src/useradd.c index b294439..47394a3 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -2242,6 +2242,7 @@ static void create_mail (void) */ int main (int argc, char **argv) { + int rv = E_SUCCESS; #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; @@ -2464,27 +2465,11 @@ int main (int argc, char **argv) usr_update (); - if (mflg) { - create_home (); - if (home_added) { - copy_tree (def_template, prefix_user_home, false, false, - (uid_t)-1, user_id, (gid_t)-1, user_gid); - } else { - fprintf (stderr, - _("%s: warning: the home directory %s already exists.\n" - "%s: Not copying any file from skel directory into it.\n"), - Prog, user_home, Prog); - } - - } - - /* Do not create mail directory for system accounts */ - if (!rflg) { - create_mail (); - } - close_files (); + nscd_flush_cache ("passwd"); + nscd_flush_cache ("group"); + /* * tallylog_reset needs to be able to lookup * a valid existing user name, 
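Review bot: The added comment `/* drop obsolete matchpathcon cache */` in `set_seuser` (lib/semanage.c, first hunk) does not say why the cache is obsolete or who depends on it being dropped. Something like `/* the login-to-SELinux-user mapping just changed: drop cached matchpathcon state so later labeling (e.g. of the new home directory) uses the new mapping */` would record the reason; the same applies to the identical addition in `del_seuser` in the second hunk. In both places the call sits before the `done:` label, so it runs only on the success path, which looks intended but is worth stating in the comment. As far as I know, newer libselinux releases mark the matchpathcon family as deprecated in favour of the selabel interface, so this may produce a deprecation warning there. Both function bodies start outside their hunks.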
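Review bot: In the `@@ -2464,27 +2465,11 @@` hunk of src/useradd.c the two `nscd_flush_cache` calls move up to directly after `close_files ()`, but `sssd_flush_cache` stays at the end of `main` (third hunk). On SSSD-backed systems the steps in between, the tallylog reset and the SELinux mapping, therefore presumably still see an un-flushed cache. If the early flush is what makes the new account visible to those lookups, the SSSD flush belongs next to it; otherwise a short comment such as `/* flush nscd before the lookups below; sssd is flushed at exit because ... */` should explain the asymmetry. Home and mail creation also leave this position and now run after the account databases are committed, so a failure there would leave an account without a home directory; `create_home`'s error handling is outside the hunk, so this needs confirming.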
@@ -2495,25 +2480,43 @@ int main (int argc, char **argv) } #ifdef WITH_SELINUX - if (Zflg) { - if (set_seuser (user_name, user_selinux) != 0) { - fprintf (stderr, - _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), - Prog, user_name, user_selinux); + if (Zflg && *user_selinux) { + if (is_selinux_enabled () > 0) { + if (set_seuser (user_name, user_selinux) != 0) { + fprintf (stderr, + _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), + Prog, user_name, user_selinux); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding SELinux user mapping", - user_name, (unsigned int) user_id, 0); -#endif /* WITH_AUDIT */ - fail_exit (E_SE_UPDATE); + audit_logger (AUDIT_ADD_USER, Prog, + "adding SELinux user mapping", + user_name, (unsigned int) user_id, 0); +#endif /* WITH_AUDIT */ + rv = E_SE_UPDATE; + } } } -#endif /* WITH_SELINUX */ +#endif + + if (mflg) { + create_home (); + if (home_added) { + copy_tree (def_template, prefix_user_home, false, true, + (uid_t)-1, user_id, (gid_t)-1, user_gid); + } else { + fprintf (stderr, + _("%s: warning: the home directory already exists.\n" + "Not copying any file from skel directory into it.\n"), + Prog); + } + } + + /* Do not create mail directory for system accounts */ + if (!rflg) { + create_mail (); + } - nscd_flush_cache ("passwd"); - nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); - return E_SUCCESS; + return rv; } -- 1.8.3.1
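Review bot: When `-Z` is given but `is_selinux_enabled ()` returns 0 or -1, the new inner `if` skips `set_seuser` without any diagnostic and `rv` stays `E_SUCCESS`, so a requested confined mapping is silently dropped. An `else` branch that at least warns would make this visible, for example `fprintf (stderr, _("%s: warning: SELinux is not enabled, %s user mapping was not set.\n"), Prog, user_selinux);` (constructed wording). A failed mapping is also no longer fatal: the home directory is still created and populated, and only the exit status `E_SE_UPDATE` reports the failure, so callers that ignore the status keep an account on the default mapping; a comment at `rv = E_SE_UPDATE;` should say this is deliberate. The fourth `copy_tree` argument flips from `false` to `true` with no hint of its meaning; an inline `/* reset_selinux */` would help, with the name to be confirmed against the prototype, which is outside the hunk. The reworded warning also drops the `%s` for `user_home` and the `Prog` prefix on its second line, which loses information and invalidates existing translations of that message.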