Diffstat (limited to 'Linux-PAM/modules/pam_unix/lckpwdf.-c')
-rw-r--r--Linux-PAM/modules/pam_unix/lckpwdf.-c25
1 files changed, 25 insertions, 0 deletions
diff --git a/Linux-PAM/modules/pam_unix/lckpwdf.-c b/Linux-PAM/modules/pam_unix/lckpwdf.-c
index b5ff4585..7145617e 100644
--- a/Linux-PAM/modules/pam_unix/lckpwdf.-c
+++ b/Linux-PAM/modules/pam_unix/lckpwdf.-c
@@ -26,6 +26,9 @@
#include <fcntl.h>
#include <signal.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
#define LOCKFILE "/etc/.pwd.lock"
#define TIMEOUT 15
@@ -64,6 +67,28 @@ static int lckpwdf(void)
if (lockfd != -1)
return -1;
+#ifdef WITH_SELINUX
+ if(is_selinux_enabled()>0)
+ {
+ lockfd = open(LOCKFILE, O_WRONLY);
+ if(lockfd == -1 && errno == ENOENT)
+ {
+ security_context_t create_context;
+ int rc;
+
+ if(getfilecon("/etc/passwd", &create_context))
+ return -1;
+ rc = setfscreatecon(create_context);
+ freecon(create_context);
+ if(rc)
+ return -1;
+ lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
+ if(setfscreatecon(NULL))
+ return -1;
+ }
+ }
+ else
+#endif
lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
if (lockfd == -1)
return -1;
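Review bot: The test `if(getfilecon("/etc/passwd", &create_context))` appears to treat a successful lookup as a failure, because getfilecon(3) returns the length of the context on success and -1 on error. If so, this path returns -1 whenever the lock file is missing and leaks create_context. The check would read `if (getfilecon("/etc/passwd", &create_context) < 0)`, which is worth confirming against the libselinux version in use. Separately, when `setfscreatecon(NULL)` fails, the function returns with lockfd possibly open and still set, so every later call stops at the `lockfd != -1` guard at the top of the hunk. The process also keeps the /etc/passwd label as its file-creation context for anything it creates afterwards; close the descriptor and reset lockfd to -1 before that return. lckpwdf's body starts and continues outside the hunk.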