Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,

rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class.  We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.

Pointed out by:	kuriyama, max
This commit is contained in:
Robert Watson 2003-01-16 03:41:57 +00:00
parent 5a28517db0
commit 42c0e331cd

View File

@ -812,7 +812,7 @@ main(int argc, char **argv)
}
#ifdef LOGIN_CAP
if (setusercontext(lc, pwd, pwd->pw_uid,
LOGIN_SETRESOURCES | LOGIN_SETPRIORITY)
LOGIN_SETALL & ~LOGIN_SETMAC)
!= 0) {
syslog(LOG_ERR,
"%s: can't setusercontext(..%s..): %m",