From cffedb98666140013497524064d3098c11461ff1 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 19 Oct 2010 23:34:52 +0000 Subject: pam_selinux.c: add "restore" option * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new "restore" option. --- modules/pam_selinux/pam_selinux.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index a8f540dd..d66ccb46 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -849,7 +849,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { const module_data_t *data; - int i, debug = 0, verbose = 0, close_session = 0; + int i, debug = 0, verbose = 0, close_session = 0, restore = 0; /* Parse arguments. */ for (i = 0; i < argc; i++) { @@ -862,6 +862,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "close") == 0) { close_session = 1; } + if (strcmp(argv[i], "restore") == 0) { + restore = 1; + } } if (debug) @@ -873,6 +876,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, data = get_module_data(pamh); + /* Is this module supposed only to restore original context? */ + if (restore) + return restore_context(pamh, data, debug); + /* If there is a saved context, this module is supposed to set it again. */ return data ? set_context(pamh, data, debug, verbose) : create_context(pamh, argc, argv, debug, verbose); -- cgit v1.2.3