| --- a/loginutils/login.c |
| +++ b/loginutils/login.c |
| @@ -183,13 +183,17 @@ static void die_if_nologin(void) |
| static void initselinux(char *username, char *full_tty, |
| security_context_t *user_sid) |
| { |
| + char *seuser = NULL, *level = NULL; |
| security_context_t old_tty_sid, new_tty_sid; |
| |
| if (!is_selinux_enabled()) |
| return; |
| |
| - if (get_default_context(username, NULL, user_sid)) { |
| - bb_error_msg_and_die("can't get SID for %s", username); |
| + if (getseuserbyname(username, &seuser, &level)) { |
| + bb_error_msg_and_die("can't get seuser for %s", username); |
| + } |
| + if (get_default_context(seuser, NULL, user_sid)) { |
| + bb_error_msg_and_die("can't get SID for %s", seuser); |
| } |
| if (getfilecon(full_tty, &old_tty_sid) < 0) { |
| bb_perror_msg_and_die("getfilecon(%s) failed", full_tty); |
| @@ -201,6 +205,11 @@ static void initselinux(char *username, |
| if (setfilecon(full_tty, new_tty_sid) != 0) { |
| bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid); |
| } |
| + |
| + if (ENABLE_FEATURE_CLEAN_UP) { |
| + free(seuser); |
| + free(level); |
| + } |
| } |
| #endif |
| |