int set_seuser(const char *login_name, const char *seuser_name) { semanage_handle_t *handle = NULL; semanage_seuser_key_t *key = NULL; int ret; int seuser_exists = 0; if (seuser_name == NULL) { /* don't care, just let system pick the defaults */ return EOK; } handle = sss_semanage_init(); if (!handle) { DEBUG(1, ("Cannot init SELinux management\n")); ret = EIO; goto done; } ret = semanage_seuser_key_create(handle, login_name, &key); if (ret != 0) { DEBUG(1, ("Cannot create SELinux user key\n")); ret = EIO; goto done; } ret = semanage_seuser_exists(handle, key, &seuser_exists); if (ret < 0) { DEBUG(1, ("Cannot verify the SELinux user\n")); ret = EIO; goto done; } if (seuser_exists) { ret = sss_semanage_user_mod(handle, key, login_name, seuser_name); if (ret != 0) { DEBUG(1, ("Cannot modify SELinux user mapping\n")); ret = EIO; goto done; } } else { ret = sss_semanage_user_add(handle, key, login_name, seuser_name); if (ret != 0) { DEBUG(1, ("Cannot add SELinux user mapping\n")); ret = EIO; goto done; } } ret = semanage_commit(handle); if (ret < 0) { DEBUG(1, ("Cannot commit SELinux transaction\n")); ret = EIO; goto done; } ret = EOK; done: semanage_seuser_key_free(key); semanage_handle_destroy(handle); return ret; }
int sss_set_seuser(const char *login_name, const char *seuser_name, const char *mls) { semanage_handle_t *handle = NULL; semanage_seuser_key_t *key = NULL; int ret; int seuser_exists = 0; if (seuser_name == NULL) { /* don't care, just let system pick the defaults */ return EOK; } ret = sss_semanage_init(&handle); if (ret == ERR_SELINUX_NOT_MANAGED) { goto done; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n"); goto done; } ret = semanage_begin_transaction(handle); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n"); ret = EIO; goto done; } ret = semanage_seuser_key_create(handle, login_name, &key); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n"); ret = EIO; goto done; } ret = semanage_seuser_exists(handle, key, &seuser_exists); if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n"); ret = EIO; goto done; } if (seuser_exists) { ret = sss_semanage_user_mod(handle, key, login_name, seuser_name, mls); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n"); ret = EIO; goto done; } } else { ret = sss_semanage_user_add(handle, key, login_name, seuser_name, mls); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n"); ret = EIO; goto done; } } ret = semanage_commit(handle); if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n"); ret = EIO; goto done; } ret = EOK; done: if (key != NULL) { semanage_seuser_key_free(key); } sss_semanage_close(handle); return ret; }