Using LOGIN_SETALL &~LOGIN_SETMAC to avoid setting the MAC label improperly,
rather than specifically setting the process priority and resource class; otherwise, we improperly set other aspects of the login class. We have a bit more to do here, but the proper fix will probably involve breaking out MAC labels from the login class at some point, as well as further clarifying the logic here. Pointed out by: kuriyama, max
This commit is contained in:
parent
5a28517db0
commit
42c0e331cd
@ -812,7 +812,7 @@ main(int argc, char **argv)
|
||||
}
|
||||
#ifdef LOGIN_CAP
|
||||
if (setusercontext(lc, pwd, pwd->pw_uid,
|
||||
LOGIN_SETRESOURCES | LOGIN_SETPRIORITY)
|
||||
LOGIN_SETALL & ~LOGIN_SETMAC)
|
||||
!= 0) {
|
||||
syslog(LOG_ERR,
|
||||
"%s: can't setusercontext(..%s..): %m",
|
||||
|
Loading…
Reference in New Issue
Block a user