URL: https://github.com/SSSD/sssd/pull/920 Author: elkoniu Title: #920: Add comment to workaround for libsemanage issue Action: opened
PR body: """ libsemanage < 2.6 use to not set right file mask in our usecase. It has been fixed by manual umask() call but is no longer needed. Fix will be keept as a precaution for future libsemanage versions. Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 Related issue: https://pagure.io/SSSD/sssd/issue/3583 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/920/head:pr920 git checkout pr920
From a9cf1006ffd4cd8e916b7a284d9ce92878f9a2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppola...@redhat.com> Date: Wed, 30 Oct 2019 11:50:53 +0100 Subject: [PATCH] Add comment to workaround for libsemanage issue libsemanage < 2.6 use to not set right file mask in our usecase. It has been fixed by manual umask() call but is no longer needed. Fix will be keept as a precaution for future libsemanage versions. Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 Related issue: https://pagure.io/SSSD/sssd/issue/3583 --- src/providers/ipa/selinux_child.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index 925591ec90..f5611a8aa3 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -147,11 +147,13 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name, int ret; mode_t old_mask; - /* This is a workaround for - * https://bugzilla.redhat.com/show_bug.cgi?id=1186422 to make sure - * the directories are created with the expected permissions + /* Bug origin: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 + * This workaround is required for libsemanage < 2.5-13.el7 + * It will remain here as a precaution in case of unexpected + * libsemanage behaviour. */ old_mask = umask(0); + if (strcmp(seuser_name, "") == 0) { /* An empty SELinux user should cause SSSD to use the system * default. We need to remove the SELinux user from the DB @@ -161,7 +163,9 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name, } else { ret = sss_set_seuser(login_name, seuser_name, mls); } + umask(old_mask); + return ret; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
