Move SELinux processing to provider.

The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
author: Michal Zidek <mzidek@redhat.com> 2013-02-07 19:35:37 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-03-19 17:50:53 +0100
commit: b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858 (patch)
tree: 990fcb7fa6901faf4f2b7befea8912324106dad5 /src/providers/ipa/ipa_selinux.h
parent: 1f469537545a20b62cb35966033be24e1c0cae39 (diff)
download: sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.gz
sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.bz2
sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_selinux.h b/src/providers/ipa/ipa_selinux.h
index 60c22110..0f3fadd3 100644
--- a/src/providers/ipa/ipa_selinux.h
+++ b/src/providers/ipa/ipa_selinux.h
@@ -27,6 +27,13 @@
 
 #include "providers/ldap/ldap_common.h"
 
+#ifdef HAVE_SELINUX_LOGIN_DIR
+
+#define ALL_SERVICES "*"
+#define selogin_path(mem_ctx, username) \
+    talloc_asprintf(mem_ctx, "%s/logins/%s", selinux_policy_root(), username)
+#endif
+
 struct ipa_selinux_ctx {
     struct ipa_id_ctx *id_ctx;
author	Michal Zidek <mzidek@redhat.com>	2013-02-07 19:35:37 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-03-19 17:50:53 +0100
commit	b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858 (patch)
tree	990fcb7fa6901faf4f2b7befea8912324106dad5 /src/providers/ipa/ipa_selinux.h
parent	1f469537545a20b62cb35966033be24e1c0cae39 (diff)
download	sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.gz sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.tar.bz2 sssd-b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858.zip