summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Makefile.am1
-rw-r--r--src/tools/files.c57
-rw-r--r--src/tools/selinux.c81
-rw-r--r--src/tools/tools_util.h7
4 files changed, 86 insertions, 60 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index c3b1fe7b..e5c12df8 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -247,6 +247,7 @@ SSSD_TOOLS_OBJ = \
tools/sss_sync_ops.c \
tools/tools_util.c \
tools/files.c \
+ tools/selinux.c \
tools/nscd.c
SSSD_RESOLV_OBJ = \
diff --git a/src/tools/files.c b/src/tools/files.c
index 90920b6c..b3b516ea 100644
--- a/src/tools/files.c
+++ b/src/tools/files.c
@@ -66,10 +66,6 @@
#include "util/util.h"
#include "tools/tools_util.h"
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
int copy_tree(const char *src_root, const char *dst_root,
uid_t uid, gid_t gid);
@@ -79,59 +75,6 @@ struct copy_ctx {
dev_t src_dev;
};
-#ifdef HAVE_SELINUX
-/*
- * selinux_file_context - Set the security context before any file or
- * directory creation.
- *
- * selinux_file_context () should be called before any creation of file,
- * symlink, directory, ...
- *
- * Callers may have to Reset SELinux to create files with default
- * contexts:
- * reset_selinux_file_context();
- */
-int selinux_file_context(const char *dst_name)
-{
- security_context_t scontext = NULL;
-
- if (is_selinux_enabled() == 1) {
- /* Get the default security context for this file */
- if (matchpathcon(dst_name, 0, &scontext) < 0) {
- if (security_getenforce () != 0) {
- return 1;
- }
- }
- /* Set the security context for the next created file */
- if (setfscreatecon(scontext) < 0) {
- if (security_getenforce() != 0) {
- return 1;
- }
- }
- freecon(scontext);
- }
-
- return 0;
-}
-
-int reset_selinux_file_context(void)
-{
- setfscreatecon(NULL);
- return EOK;
-}
-
-#else /* HAVE_SELINUX */
-int selinux_file_context(const char *dst_name)
-{
- return EOK;
-}
-
-int reset_selinux_file_context(void)
-{
- return EOK;
-}
-#endif /* HAVE_SELINUX */
-
/* wrapper in order not to create a temporary context in
* every iteration */
static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
diff --git a/src/tools/selinux.c b/src/tools/selinux.c
new file mode 100644
index 00000000..9fa660c6
--- /dev/null
+++ b/src/tools/selinux.c
@@ -0,0 +1,81 @@
+/*
+ SSSD
+
+ selinux.c
+
+ Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#include "util/util.h"
+
+#ifdef HAVE_SELINUX
+/*
+ * selinux_file_context - Set the security context before any file or
+ * directory creation.
+ *
+ * selinux_file_context () should be called before any creation of file,
+ * symlink, directory, ...
+ *
+ * Callers may have to Reset SELinux to create files with default
+ * contexts:
+ * reset_selinux_file_context();
+ */
+int selinux_file_context(const char *dst_name)
+{
+ security_context_t scontext = NULL;
+
+ if (is_selinux_enabled() == 1) {
+ /* Get the default security context for this file */
+ if (matchpathcon(dst_name, 0, &scontext) < 0) {
+ if (security_getenforce () != 0) {
+ return 1;
+ }
+ }
+ /* Set the security context for the next created file */
+ if (setfscreatecon(scontext) < 0) {
+ if (security_getenforce() != 0) {
+ return 1;
+ }
+ }
+ freecon(scontext);
+ }
+
+ return 0;
+}
+
+int reset_selinux_file_context(void)
+{
+ setfscreatecon(NULL);
+ return EOK;
+}
+
+#else /* HAVE_SELINUX */
+int selinux_file_context(const char *dst_name)
+{
+ return EOK;
+}
+
+int reset_selinux_file_context(void)
+{
+ return EOK;
+}
+#endif /* HAVE_SELINUX */
diff --git a/src/tools/tools_util.h b/src/tools/tools_util.h
index fccec146..2ac18535 100644
--- a/src/tools/tools_util.h
+++ b/src/tools/tools_util.h
@@ -104,9 +104,6 @@ int copy_tree(const char *src_root,
const char *dst_root,
uid_t uid, gid_t gid);
-int selinux_file_context(const char *dst_name);
-int reset_selinux_file_context(void);
-
/* from nscd.c */
enum nscd_db {
NSCD_DB_PASSWD,
@@ -115,4 +112,8 @@ enum nscd_db {
int flush_nscd_cache(TALLOC_CTX *mem_ctx, enum nscd_db flush_db);
+/* from selinux.c */
+int selinux_file_context(const char *dst_name);
+int reset_selinux_file_context(void);
+
#endif /* __TOOLS_UTIL_H__ */