On Sun, Aug 3, 2008 at 09:30:37 +1000, Russell Coker wrote:
> +#ifdef HAVE_SELINUX
> +/* This should be run just before we exec the user session. */
> +static int
> +xdm_selinux_setup (const char *login)
> + {
> + security_context_t scontext;
> + int ret = -1;
> + char *seuser=NULL;
> + char *level=NULL;
> +
> + /* If SELinux is not enabled, then we don't do anything. */
> + if ( is_selinux_enabled () <= 0)
> + return TRUE;
> +
> + if (getseuserbyname(login, &seuser, &level) == 0)
> + ret=get_default_context_with_level(seuser, level, 0, &scontext);
> + if (ret < 0 || scontext == NULL) {
> + LogError ("SELinux: unable to obtain default security context
> for %s\n", login);
> + return FALSE;
> + }
> +
> + if (setexeccon (scontext) != 0) {
> + freecon (scontext);
> + LogError ("SELinux: unable to set executable context %s\n",
> + (char *)scontext);
> + return FALSE;
> + }
> +
> + freecon (scontext);
> + return TRUE;
> +}
> +#endif /* HAVE_SELINUX */
> +
Looks like seuser and level are never freed. Am I missing something?
Cheers,
Julien
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
