| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | --- a/loginutils/login.c |
| 2 | +++ b/loginutils/login.c |
| 3 | @@ -183,13 +183,17 @@ static void die_if_nologin(void) |
| 4 | static void initselinux(char *username, char *full_tty, |
| 5 | security_context_t *user_sid) |
| 6 | { |
| 7 | + char *seuser = NULL, *level = NULL; |
| 8 | security_context_t old_tty_sid, new_tty_sid; |
| 9 | |
| 10 | if (!is_selinux_enabled()) |
| 11 | return; |
| 12 | |
| 13 | - if (get_default_context(username, NULL, user_sid)) { |
| 14 | - bb_error_msg_and_die("can't get SID for %s", username); |
| 15 | + if (getseuserbyname(username, &seuser, &level)) { |
| 16 | + bb_error_msg_and_die("can't get seuser for %s", username); |
| 17 | + } |
| 18 | + if (get_default_context(seuser, NULL, user_sid)) { |
| 19 | + bb_error_msg_and_die("can't get SID for %s", seuser); |
| 20 | } |
| 21 | if (getfilecon(full_tty, &old_tty_sid) < 0) { |
| 22 | bb_perror_msg_and_die("getfilecon(%s) failed", full_tty); |
| 23 | @@ -201,6 +205,11 @@ static void initselinux(char *username, |
| 24 | if (setfilecon(full_tty, new_tty_sid) != 0) { |
| 25 | bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid); |
| 26 | } |
| 27 | + |
| 28 | + if (ENABLE_FEATURE_CLEAN_UP) { |
| 29 | + free(seuser); |
| 30 | + free(level); |
| 31 | + } |
| 32 | } |
| 33 | #endif |
| 34 | |