rpms/pam/devel pam-1.0.1-selinux-restore-execcon.patch, NONE, 1.1 pam.spec, 1.177, 1.178
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Tue Apr 22 19:48:46 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21500
Modified Files:
pam.spec
Added Files:
pam-1.0.1-selinux-restore-execcon.patch
Log Message:
* Tue Apr 22 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-2
- pam_selinux: restore execcon properly (#443667)
pam-1.0.1-selinux-restore-execcon.patch:
--- NEW FILE pam-1.0.1-selinux-restore-execcon.patch ---
diff -up Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c.restore-execcon Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c.restore-execcon 2008-03-20 18:06:32.000000000 +0100
+++ Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c 2008-04-22 21:11:34.000000000 +0200
@@ -702,21 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh,
free(ttyn);
ttyn=NULL;
}
- if (prev_user_context) {
- if (setexeccon(prev_user_context)) {
+
+ if (setexeccon(prev_user_context)) {
pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
- prev_user_context);
+ prev_user_context ? prev_user_context : "");
if (security_getenforce() == 1)
status = PAM_AUTH_ERR;
else
status = PAM_SUCCESS;
- }
+ } else if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Executable context back to original");
+
+ if (prev_user_context) {
freecon(prev_user_context);
prev_user_context = NULL;
}
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
-
return status;
}
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.177
retrieving revision 1.178
diff -u -r1.177 -r1.178
--- pam.spec 18 Apr 2008 08:43:42 -0000 1.177
+++ pam.spec 22 Apr 2008 19:48:10 -0000 1.178
@@ -5,7 +5,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -26,6 +26,7 @@
Patch2: db-4.6.18-glibc.patch
Patch4: pam-0.99.8.1-dbpam.patch
Patch10: pam-1.0.0-sepermit-screensaver.patch
+Patch11: pam-1.0.1-selinux-restore-execcon.patch
Patch21: pam-0.99.10.0-unix-audit-failed.patch
Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch32: pam-0.99.3.0-tally-fail-close.patch
@@ -102,6 +103,7 @@
popd
%patch4 -p1 -b .dbpam
%patch10 -p1 -b .screensaver
+%patch11 -p1 -b .restore-execcon
%patch21 -p1 -b .audit-failed
%patch31 -p1 -b .try-first-pass
%patch32 -p1 -b .fail-close
@@ -374,6 +376,9 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Tue Apr 22 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-2
+- pam_selinux: restore execcon properly (#443667)
+
* Fri Apr 18 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-1
- upgrade to new upstream release (one bugfix only)
- fix pam_sepermit use in screensavers
More information about the fedora-extras-commits
mailing list