summaryrefslogtreecommitdiffstats
path: root/lib/libutil
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libutil')
-rw-r--r--lib/libutil/login_class.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index 3930c03..219db58 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
#include <login_cap.h>
#include <paths.h>
#include <sys/rtprio.h>
+#include <sys/mac.h>
static struct login_res {
@@ -317,6 +318,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
#ifndef __NETBSD_SYSCALLS
struct rtprio rtp;
#endif
+ int error;
if (lc == NULL) {
if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL)
@@ -374,6 +376,31 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
}
}
+ /* Set up the user's MAC label. */
+ if ((flags & LOGIN_SETMAC) && mac_is_present(NULL) == 1) {
+ const char *label_string;
+ mac_t label;
+
+ label_string = login_getcapstr(lc, "label", NULL, NULL);
+ if (label_string != NULL) {
+ if (mac_from_text(&label, label_string) == -1) {
+ syslog(LOG_ERR, "mac_from_text('%s') for %s: %m",
+ pwd->pw_name, label_string);
+ return -1;
+ }
+ if (mac_set_proc(label) == -1)
+ error = errno;
+ else
+ error = 0;
+ mac_free(label);
+ if (error != 0) {
+ syslog(LOG_ERR, "mac_set_proc('%s') for %s: %s",
+ label_string, pwd->pw_name, strerror(error));
+ return -1;
+ }
+ }
+ }
+
/* Set the sessions login */
if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) {
syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name);
OpenPOWER on IntegriCloud