From: Karel Zak <kzak@redhat.com>
Date: Tue, 1 Jul 2008 12:24:58 +0000 (+0200)
Subject: selinux: is_selinux_enabled() returns 0, 1 and -1
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ba66edf82e03109bd9110682179254d823c58a3;p=util-linux

selinux: is_selinux_enabled() returns 0, 1 and -1

Unfortunately, the current libselinux implementation of
is_selinux_enabled() returns -1 on error. This behavior is
undocumented.

The proper solution is to use "if (is_selinux_enabled() > 0)".

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c
index 10068b71..3f58f9c3 100644
--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@@ -746,7 +746,7 @@ use the -f option to force it.\n"),
 #endif
 
 #ifdef HAVE_LIBSELINUX
-	if (S_ISREG(statbuf.st_mode) && is_selinux_enabled()) {
+	if (S_ISREG(statbuf.st_mode) && is_selinux_enabled() > 0) {
 		security_context_t context_string;
 		security_context_t oldcontext;
 		context_t newcontext;
diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index ee0dc312..3ca190f1 100644
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -148,7 +148,7 @@ int main (int argc, char **argv) {
     }
 
 #ifdef HAVE_LIBSELINUX
-    if (is_selinux_enabled()) {
+    if (is_selinux_enabled() > 0) {
       if(uid == 0) {
 	if (checkAccess(oldf.username,PASSWD__CHFN)!=0) {
 	  security_context_t user_context;
diff --git a/login-utils/chsh.c b/login-utils/chsh.c
index d4cc5267..08b1e0d2 100644
--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
@@ -134,7 +134,7 @@ main (int argc, char *argv[]) {
     }
 
 #ifdef HAVE_LIBSELINUX
-    if (is_selinux_enabled()) {
+    if (is_selinux_enabled() > 0) {
       if(uid == 0) {
 	if (checkAccess(pw->pw_name,PASSWD__CHSH)!=0) {
 	  security_context_t user_context;
diff --git a/login-utils/selinux_utils.c b/login-utils/selinux_utils.c
index fff5eaae..2db5dd3d 100644
--- a/login-utils/selinux_utils.c
+++ b/login-utils/selinux_utils.c
@@ -36,7 +36,7 @@ int checkAccess(char *chuser, int access) {
 }
 
 int setupDefaultContext(char *orig_file) {
-  if (is_selinux_enabled()) {
+  if (is_selinux_enabled() > 0) {
     security_context_t scontext;
     
     if (getfilecon(orig_file,&scontext)<0) {
diff --git a/login-utils/vipw.c b/login-utils/vipw.c
index fea28ac2..5f447211 100644
--- a/login-utils/vipw.c
+++ b/login-utils/vipw.c
@@ -195,7 +195,7 @@ pw_unlock(void) {
 	link(orig_file, tmp);
 
 #ifdef HAVE_LIBSELINUX
-	if (is_selinux_enabled()) {
+	if (is_selinux_enabled() > 0) {
 	  security_context_t passwd_context=NULL;
 	  int ret=0;
 	  if (getfilecon(orig_file,&passwd_context) < 0) {