Skip to content

Commit

Permalink
SELINUX_CHILD: fail immediately if set-id fails
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexey-tikhonov
alexey-tikhonov committed Dec 12, 2024
1 parent 132d208 commit 8858fcd
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/providers/ipa/selinux_child.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -377,8 +377,8 @@ int main(int argc, const char *argv[])
ret = setresuid(0, 0, -1);
if (ret == -1) {
ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE,
"setuid() failed: %d, selinux_child might not work!\n", ret);
DEBUG(SSSDBG_CRIT_FAILURE, "setresuid() failed: %d\n", ret);
goto fail;
}
}
if (getgid() != 0) {
Expand All @@ -387,8 +387,8 @@ int main(int argc, const char *argv[])
ret = setresgid(0, 0, -1);
if (ret == -1) {
ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE,
"setgid() failed: %d, selinux_child might not work!\n", ret);
DEBUG(SSSDBG_CRIT_FAILURE, "setresgid() failed: %d\n", ret);
goto fail;
}
}
sss_drop_all_caps();
Expand Down

0 comments on commit 8858fcd

Please sign in to comment.