authorMartin Kletzander <mkletzan@redhat.com>2023-03-03 11:46:33 +0100
committerIker Pedrosa <ikerpedrosam@gmail.com>2023-05-31 09:44:25 +0200
commit3c7327842cdcebe15caecb84a14c2b6b6eb10560 (patch)
tree14d9a4dee2c051b9a831c9ff2efaa668113937d7
parentb422e3c31691412f0a5404d09f7b328477e23c48 (diff)
ch(g)passwd: Check selinux permissions upon startup
The permissions also need to be checked before process_root_flag(), since that can chroot into a non-selinux environment (an unavailable selinux mount point, for example). Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-rw-r--r--src/chgpasswd.c6
-rw-r--r--src/chpasswd.c6
2 files changed, 12 insertions, 0 deletions
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index b750994e..fe4055d8 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -424,6 +424,12 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+#ifdef WITH_SELINUX
+ if (check_selinux_permit ("passwd") != 0) {
+ return (E_NOPERM);
+ }
+#endif /* WITH_SELINUX */
+
process_root_flag ("-R", argc, argv);
process_flags (argc, argv);
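Review bot: The denial path in the added block returns `E_NOPERM` with no message visible in this hunk, so a caller refused by policy may see only a bare exit status. Unless check_selinux_permit() reports the denial itself (its body is not shown here), consider printing a diagnostic before the return, e.g. `fprintf (stderr, "%s: not permitted by SELinux policy\n", argv[0]);`, so the failure can be attributed when reviewing logs. The same applies to the identical block in the src/chpasswd.c hunk. main() starts and ends outside the hunk.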
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 4a04c4f4..3cfd611e 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -452,6 +452,12 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+#ifdef WITH_SELINUX
+ if (check_selinux_permit ("passwd") != 0) {
+ return (E_NOPERM);
+ }
+#endif /* WITH_SELINUX */
+
process_flags (argc, argv);
salt = get_salt();
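Review bot: The placement of the added check is security-relevant, but only the commit message explains it, and this hunk shows no process_root_flag() call to indicate what the check has to precede. A comment above the `#ifdef`, such as `/* Check before any chroot (process_root_flag): the SELinux mount point may be unavailable afterwards. */`, would keep a later reordering of main() from moving the check behind the chroot. The same comment would fit the src/chgpasswd.c hunk. main() continues outside the hunk.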