diff options
| author | Karel Zak | 2016-06-14 13:15:44 +0200 |
|---|---|---|
| committer | Karel Zak | 2016-06-14 13:38:13 +0200 |
| commit | dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb (patch) | |
| tree | dede936a90a0ad071a24783c7ec4a77db8041116 /login-utils/chfn.c | |
| parent | build-sys: remove global dependence between widechar and ncursesw (diff) | |
| download | kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.tar.gz kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.tar.xz kernel-qcow2-util-linux-dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb.zip | |
chfn: chsh: use selinux_check_passwd_access()
* selinux/av_permissions.h and magic constants are deprecated, the
recommended solution is to use string_to_security_class() and
string_to_av_perm() to get access vector
* it also seems that selinux_check_passwd_access() does exactly the
same as our checkAccess(), let's use it.
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils/chfn.c')
| -rw-r--r-- | login-utils/chfn.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/login-utils/chfn.c b/login-utils/chfn.c index b1c7ea25a..89e6bd7ec 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c @@ -46,7 +46,6 @@ #ifdef HAVE_LIBSELINUX # include <selinux/selinux.h> -# include <selinux/av_permissions.h> # include "selinux_utils.h" #endif @@ -424,7 +423,9 @@ int main(int argc, char **argv) #ifdef HAVE_LIBSELINUX if (is_selinux_enabled() > 0) { if (uid == 0) { - if (checkAccess(ctl.username, PASSWD__CHFN) != 0) { + access_vector_t av = get_access_vector("passwd", "chfn"); + + if (selinux_check_passwd_access(av) != 0) { security_context_t user_context; if (getprevcon(&user_context) < 0) user_context = NULL; |