Skip to content

Commit

Permalink
sss_semanage code is only used by 'selinux_child'
Browse files Browse the repository at this point in the history
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
alexey-tikhonov committed Dec 10, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent ef53531 commit c357838
Showing 6 changed files with 15 additions and 56 deletions.
22 changes: 1 addition & 21 deletions Makefile.am
Original file line number Diff line number Diff line change
@@ -1341,25 +1341,6 @@ libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
endif # BUILD_PASSKEY
libsss_util_la_LDFLAGS = -avoid-version

pkglib_LTLIBRARIES += libsss_semanage.la
libsss_semanage_la_CFLAGS = \
$(AM_CFLAGS) \
$(TALLOC_CFLAGS) \
$(NULL)
libsss_semanage_la_SOURCES = \
src/util/sss_semanage.c \
$(NULL)
libsss_semanage_la_LIBADD = \
$(TALLOC_LIBS) \
libsss_debug.la \
$(NULL)
if BUILD_SELINUX
libsss_semanage_la_LIBADD += $(SEMANAGE_LIBS)
endif

libsss_semanage_la_LDFLAGS = \
-avoid-version

SSSD_INTERNAL_LTLIBS = \
libsss_util.la \
libsss_crypt.la \
@@ -4575,7 +4556,6 @@ libsss_ipa_la_LIBADD = \
libsss_krb5_common.la \
libipa_hbac.la \
libsss_idmap.la \
libsss_semanage.la \
$(NULL)
libsss_ipa_la_LDFLAGS = \
-avoid-version \
@@ -4745,7 +4725,7 @@ ldap_child_LDADD = \
if BUILD_SELINUX
selinux_child_SOURCES = \
src/providers/ipa/selinux_child.c \
src/util/sss_semanage.c \
src/providers/ipa/selinux_child_semanage.c \
src/util/sss_chain_id.c \
src/util/atomic_io.c \
src/util/util.c \
1 change: 0 additions & 1 deletion contrib/sssd.spec.in
Original file line number Diff line number Diff line change
@@ -829,7 +829,6 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
%{_libdir}/%{name}/libsss_krb5_common.so
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
%{_libdir}/%{name}/libsss_semanage.so
%{_libdir}/%{name}/libifp_iface.so
%{_libdir}/%{name}/libifp_iface_sync.so
%{_libdir}/%{name}/libsss_iface.so
14 changes: 14 additions & 0 deletions src/providers/ipa/selinux_child.c
Original file line number Diff line number Diff line change
@@ -34,6 +34,20 @@
#include "util/sss_chain_id.h"
#include "providers/backend.h"

/* from selinux_child_semanage.c */
/* Please note that libsemange relies on files and directories created with
* certain permissions. Therefore the caller should make sure the umask is
* not too restricted (especially when called from the daemon code).
*/
int sss_set_seuser(const char *login_name, const char *seuser_name,
const char *mlsrange);
int sss_del_seuser(const char *login_name);
int sss_get_seuser(const char *linuxuser,
char **selinuxuser,
char **level);
int sss_seuser_exists(const char *linuxuser);


struct input_buffer {
const char *seuser;
const char *mls_range;
Original file line number Diff line number Diff line change
@@ -22,7 +22,6 @@
#include "config.h"
#include "util/util.h"

#if defined(HAVE_SELINUX)
#include <stdio.h>
#include <semanage/semanage.h>
#include <selinux/selinux.h>
@@ -456,22 +455,3 @@ int sss_del_seuser(const char *login_name)
sss_semanage_close(handle);
return ret;
}
#else /* HAVE_SELINUX */
int sss_set_seuser(const char *login_name, const char *seuser_name,
const char *mls)
{
return EOK;
}

int sss_del_seuser(const char *login_name)
{
return EOK;
}

int sss_get_seuser(const char *linuxuser,
char **selinuxuser,
char **level)
{
return EOK;
}
#endif /* HAVE_SELINUX */
1 change: 0 additions & 1 deletion src/tests/dlopen-tests.c
Original file line number Diff line number Diff line change
@@ -40,7 +40,6 @@ struct so {
const char *libs[6];
} so[] = {
{ "libsss_debug.so", { LIBPFX"libsss_debug.so", NULL } },
{ "libsss_semanage.so", { LIBPFX"libsss_semanage.so", NULL } },
{ "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } },
{ "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } },
{ "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } },
13 changes: 0 additions & 13 deletions src/util/util.h
Original file line number Diff line number Diff line change
@@ -742,19 +742,6 @@ errno_t sss_set_cap_effective(cap_value_t cap, bool effective);
errno_t sss_drop_cap(cap_value_t cap);
void sss_drop_all_caps(void);

/* from sss_semanage.c */
/* Please note that libsemange relies on files and directories created with
* certain permissions. Therefore the caller should make sure the umask is
* not too restricted (especially when called from the daemon code).
*/
int sss_set_seuser(const char *login_name, const char *seuser_name,
const char *mlsrange);
int sss_del_seuser(const char *login_name);
int sss_get_seuser(const char *linuxuser,
char **selinuxuser,
char **level);
int sss_seuser_exists(const char *linuxuser);

/* convert time from generalized form to unix time */
errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *unix_time);

0 comments on commit c357838

Please sign in to comment.