summaryrefslogtreecommitdiff
path: root/modules/pam_selinux
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2008-03-20 17:06:32 +0000
committerTomas Mraz <tm@t8m.info>2008-03-20 17:06:32 +0000
commitffe3830f997b26538dabbac0c7cbc359e71a3c34 (patch)
tree6127f3df609fbd0e4c8c367231bc35904ead8251 /modules/pam_selinux
parent50ae95ca4091b682fdb154e5aaa63879ba1c6cdc (diff)
Relevant BUGIDs: rhbz#438338, rhbz#438264
Purpose of commit: bugfix Commit summary: --------------- 2008-03-20 Tomas Mraz <t8m@centrum.cz> * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER method only when appropriate. (setup_namespace): Do not umount when not mounted with RUSER. * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call freecontext() after the context is logged not before.
Diffstat (limited to 'modules/pam_selinux')
-rw-r--r--modules/pam_selinux/pam_selinux.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 8959c8cf..f679e33d 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -672,7 +672,7 @@ PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int i, debug = 0,status=0, open_session=0;
+ int i, debug = 0, status = PAM_SUCCESS, open_session = 0;
if (! (selinux_enabled ))
return PAM_SUCCESS;
@@ -702,19 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
free(ttyn);
ttyn=NULL;
}
- status=setexeccon(prev_user_context);
- freecon(prev_user_context);
- if (status) {
- pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
+ if (prev_user_context) {
+ if (setexeccon(prev_user_context)) {
+ pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
prev_user_context);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
+ if (security_getenforce() == 1)
+ status = PAM_AUTH_ERR;
+ else
+ status = PAM_SUCCESS;
+ }
+ freecon(prev_user_context);
+ prev_user_context = NULL;
}
if (debug)
pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
- return PAM_SUCCESS;
+ return status;
}