From 9c695e3a82fe5903b36b2d514b3284efeadc908c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 10 Apr 2015 11:06:44 +0200
Subject: [PATCH 59/99] selinux: Begin and end the transaction on the same
nesting level
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Transaction should be started and committed on the same code nesting or
abstraction level. Also, transactions are really costly with libselinux
and splitting them from initialization will make init function reusable
by read-only libsemanage functions.
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 748b38a7991d78cbf4726f2a14ace5e926629a54)
---
src/util/sss_semanage.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index d141de1c671e6d62a731e56b10ee14069f27ae87..c0342498cbd0495733a0bf701a06a02cfb705fc7 100644
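--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -109,12 +109,6 @@ static semanage_handle_t *sss_semanage_init(void)
 goto fail;
 }
 
- ret = semanage_begin_transaction(handle);
- if (ret != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
- goto fail;
- }
-
 return handle;
 fail:
 sss_semanage_close(handle);
@@ -243,6 +237,13 @@ int set_seuser(const char *login_name, const char *seuser_name,
 goto done;
 }
 
+ ret = semanage_begin_transaction(handle);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
+ ret = EIO;
+ goto done;
+ }
+
 ret = semanage_seuser_key_create(handle, login_name, &key);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
@@ -303,6 +304,13 @@ int del_seuser(const char *login_name)
 goto done;
 }
 
+ ret = semanage_begin_transaction(handle);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
+ ret = EIO;
+ goto done;
+ }
+
 ret = semanage_seuser_key_create(handle, login_name, &key);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");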
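Review bot: The new failure branch after semanage_begin_transaction() in set_seuser (and the identical one in del_seuser) overwrites `ret` with EIO and logs only a fixed string, so the libsemanage return value never reaches the debug log. When a login-to-SELinux-user mapping fails to apply, that leaves nothing to tell apart the possible causes of the failure; logging the value first would help, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction [%d]\n", ret);`. Both functions continue past their hunks and the `done:` label is not visible, so please confirm that every `goto done` taken after a successful begin but before the commit still ends the open transaction on cleanup. The seven added lines are duplicated verbatim in both functions; a small static helper would keep the two call sites from drifting apart.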
--
2.4.0