Hi,
As the automated test tools of our downstream discovered, selinux_child
now compiles with a warning if -Wunused-result is set:
sssd-1.12.2/src/providers/ipa/selinux_child.c:227:15: warning: ignoring return
value of 'setgid', declared with attribute warn_unused_result [-Wunused-result]
sssd-1.12.2/src/providers/ipa/selinux_child.c:223:15: warning: ignoring return
value of 'setuid', declared with attribute warn_unused_result [-Wunused-result]
Sorry I didn't catch this earlier, but I don't think we can do much about
the error anyway, just warn.
>From e463938cd0cbe51ea7d5eca6ebfbe25afaf6d9d1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Tue, 27 Jan 2015 20:32:33 +0100
Subject: [PATCH] SELINUX: Check the return value of setuid and setgid
---
src/providers/ipa/selinux_child.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/providers/ipa/selinux_child.c
b/src/providers/ipa/selinux_child.c
index
7297f5ed3bafbd8ac9b14ee60ef07839a35587cf..dd8e838d2dd991033209477d82062d15d46c542a
100644
--- a/src/providers/ipa/selinux_child.c
+++ b/src/providers/ipa/selinux_child.c
@@ -220,11 +220,23 @@ int main(int argc, const char *argv[])
* We need to switch also the real ID to 0.
*/
if (getuid() != 0) {
- setuid(0);
+ errno = 0;
+ ret = setuid(0);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "setuid failed: %d, selinux_child might not work!\n", ret);
+ }
}
if (getgid() != 0) {
- setgid(0);
+ errno = 0;
+ ret = setgid(0);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "setgid failed: %d, selinux_child might not work!\n", ret);
+ }
}
DEBUG(SSSDBG_TRACE_INTERNAL,
--
2.1.0
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
