diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | modules/pam_selinux/pam_selinux.c | 14 |
2 files changed, 13 insertions, 7 deletions
@@ -1,3 +1,9 @@ +2008-04-22 Tomas Mraz <t8m@centrum.cz> + + * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix + regression from the change from 2008-03-20. setexeccon() must be + called also with NULL prev_context. + 2008-04-21 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_access/access.conf.5.xml: Document changed behavior diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index f679e33d..da49f3f9 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -702,21 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, free(ttyn); ttyn=NULL; } - if (prev_user_context) { - if (setexeccon(prev_user_context)) { + + if (setexeccon(prev_user_context)) { pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.", - prev_user_context); + prev_user_context ? prev_user_context : ""); if (security_getenforce() == 1) status = PAM_AUTH_ERR; else status = PAM_SUCCESS; - } + } else if (debug) + pam_syslog(pamh, LOG_NOTICE, "Executable context back to original"); + + if (prev_user_context) { freecon(prev_user_context); prev_user_context = NULL; } - if (debug) - pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal"); - return status; } |