selinux: is_selinux_enabled() returns 0, 1 and -1
Unfortunately, the current libselinux implementation of is_selinux_enabled() returns -1 on error. This behavior is undocumented. The proper solution is to use "if (is_selinux_enabled() > 0)". Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
4edebc1486
commit
4ba66edf82
|
@ -746,7 +746,7 @@ use the -f option to force it.\n"),
|
|||
#endif
|
||||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (S_ISREG(statbuf.st_mode) && is_selinux_enabled()) {
|
||||
if (S_ISREG(statbuf.st_mode) && is_selinux_enabled() > 0) {
|
||||
security_context_t context_string;
|
||||
security_context_t oldcontext;
|
||||
context_t newcontext;
|
||||
|
|
|
@ -148,7 +148,7 @@ int main (int argc, char **argv) {
|
|||
}
|
||||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (is_selinux_enabled()) {
|
||||
if (is_selinux_enabled() > 0) {
|
||||
if(uid == 0) {
|
||||
if (checkAccess(oldf.username,PASSWD__CHFN)!=0) {
|
||||
security_context_t user_context;
|
||||
|
|
|
@ -134,7 +134,7 @@ main (int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (is_selinux_enabled()) {
|
||||
if (is_selinux_enabled() > 0) {
|
||||
if(uid == 0) {
|
||||
if (checkAccess(pw->pw_name,PASSWD__CHSH)!=0) {
|
||||
security_context_t user_context;
|
||||
|
|
|
@ -36,7 +36,7 @@ int checkAccess(char *chuser, int access) {
|
|||
}
|
||||
|
||||
int setupDefaultContext(char *orig_file) {
|
||||
if (is_selinux_enabled()) {
|
||||
if (is_selinux_enabled() > 0) {
|
||||
security_context_t scontext;
|
||||
|
||||
if (getfilecon(orig_file,&scontext)<0) {
|
||||
|
|
|
@ -195,7 +195,7 @@ pw_unlock(void) {
|
|||
link(orig_file, tmp);
|
||||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (is_selinux_enabled()) {
|
||||
if (is_selinux_enabled() > 0) {
|
||||
security_context_t passwd_context=NULL;
|
||||
int ret=0;
|
||||
if (getfilecon(orig_file,&passwd_context) < 0) {
|
||||
|
|
Loading…
Reference in New Issue