rpms/logrotate/F-8 logrotate-3.7.6-selinux.patch, NONE, 1.1 logrotate.spec, 1.67, 1.68

Tomas Smetana (tsmetana) fedora-extras-commits at redhat.com
Wed Jan 9 09:13:36 UTC 2008


Author: tsmetana

Update of /cvs/pkgs/rpms/logrotate/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16050

Modified Files:
	logrotate.spec 
Added Files:
	logrotate-3.7.6-selinux.patch 
Log Message:
* Wed Jan 09 2008 Tomas Smetana <tsmetana at redhat.com> 3.7.6-2
- fix #427274 - logrotate fails to preserve SELinux file contexts
- fix #427661 - SELinux stops vsftpd from working correctly


logrotate-3.7.6-selinux.patch:

--- NEW FILE logrotate-3.7.6-selinux.patch ---
Written-by: Tomas Smetana <tsmetana at redhat.com>

diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
--- logrotate-3.7.6/logrotate.c.selinux	2008-01-09 09:37:16.000000000 +0100
+++ logrotate-3.7.6/logrotate.c	2008-01-09 09:39:05.000000000 +0100
@@ -899,6 +899,9 @@ int rotateSingleLog(logInfo * log, int l
     int hasErrors = 0;
     struct stat sb;
     int fd;
+#ifdef WITH_SELINUX
+	security_context_t savedContext;
+#endif
 
     if (!state->doRotate)
 	return 0;
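Review bot: `savedContext` is declared without an initialiser, yet the last hunk of this patch passes it to `setfscreatecon_raw()` whenever `selinux_enabled` is set. Its only assignment, `getfscreatecon_raw(&savedContext)` in the second hunk, is reached only on the rename path and only after `fgetfilecon_raw()` succeeds. For copy/copytruncate logs (the restore appears to sit outside the rename branch), for an `ENOTSUP` filesystem, or after a failed `getfscreatecon_raw()` in permissive mode, the restore would read an indeterminate pointer. Declaring it as `security_context_t savedContext = NULL;` makes that restore reset the fscreate context to the policy default instead. The body of rotateSingleLog starts and continues outside this hunk.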
@@ -906,7 +909,51 @@ int rotateSingleLog(logInfo * log, int l
     if (!hasErrors) {
 
 	if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
-	    message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+#ifdef WITH_SELINUX
+		if (selinux_enabled) {
+			security_context_t oldContext;
+			int fdcurr = -1;
+
+			if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
+				message(MESS_ERROR, "error opening %s: %s\n",
+						log->files[logNum],
+					strerror(errno));
+				return 1;
+			}
+			if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+				if (getfscreatecon_raw(&savedContext) < 0) {
+					message(MESS_ERROR,
+						"getting default context: %s\n",
+						strerror(errno));
+					if (selinux_enforce) {
+						freecon(oldContext);
+						return 1;
+					}
+				}
+				if (setfscreatecon_raw(oldContext) < 0) {
+					message(MESS_ERROR,
+						"setting file context %s to %s: %s\n",
+						log->files[logNum], oldContext, strerror(errno));
+					if (selinux_enforce) {
+					freecon(oldContext);
+					return 1;
+					}
+				}
+				message(MESS_DEBUG, "fscreate context set to %s\n",
+						oldContext);
+				freecon(oldContext);
+			} else {
+				if (errno != ENOTSUP) {
+					message(MESS_ERROR, "getting file context %s: %s\n",
+						log->files[logNum], strerror(errno));
+					if (selinux_enforce) {
+						return 1;
+					}
+				}
+			}
+		}
+#endif
+		message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
 		    rotNames->finalName);
 
 	    if (!debug && !hasErrors &&
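Review bot: The descriptor from `open(log->files[logNum], O_RDWR)` is never closed in the lines shown: every `return 1` and the fall-through to the rename leave `fdcurr` open, so a run that rotates many logs leaks one descriptor per log. Save the result of `fgetfilecon_raw()` and `errno` (the else branch tests `errno != ENOTSUP`), then call `close(fdcurr);` before branching. The file is opened only to read its label, so `O_RDONLY` is sufficient and avoids asking for write access the check does not need. The open failure also returns 1 unconditionally, while every other SELinux error in this block aborts only under `selinux_enforce`; a comment should say whether that difference is intended. The function continues outside this hunk.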
@@ -961,6 +1008,15 @@ int rotateSingleLog(logInfo * log, int l
                     close(fd);
 	    }
 	}
+#ifdef WITH_SELINUX
+	if (selinux_enabled) {
+	    setfscreatecon_raw(savedContext);
+	    if (prev_context != NULL) {
+			freecon(prev_context);
+			prev_context = NULL;
+	    }
+	}
+#endif
 
 	if (!hasErrors
 	    && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))
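Review bot: The return value of `setfscreatecon_raw(savedContext)` is discarded here, so a failed restore goes unnoticed and files created later in the same run would be labelled with the rotated log's context rather than the default. Check it the way the earlier calls are checked, e.g. `if (setfscreatecon_raw(savedContext) < 0) message(MESS_ERROR, "restoring default context: %s\n", strerror(errno));`. The string returned by `getfscreatecon_raw()` in the previous hunk is never released; it needs a `freecon(savedContext);` after the restore, guarded so it runs only when that call actually assigned it. `prev_context` is not declared in any hunk of this patch, so it is presumably an existing file-scope variable; confirm that it is not the variable this restore was meant to use. The enclosing function starts and ends outside the hunk.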


Index: logrotate.spec
===================================================================
RCS file: /cvs/pkgs/rpms/logrotate/F-8/logrotate.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- logrotate.spec	27 Sep 2007 06:54:13 -0000	1.67
+++ logrotate.spec	9 Jan 2008 09:12:32 -0000	1.68
@@ -1,7 +1,7 @@
 Summary: Rotates, compresses, removes and mails system log files
 Name: logrotate
 Version: 3.7.6
-Release: 1.3%{?dist}
+Release: 2%{?dist}
 License: GPL+
 Group: System Environment/Base
 # The source for this package was pulled from cvs.
@@ -12,6 +12,7 @@
 #  cd logrotate
 #  make create-archive
 Source: logrotate-%{version}.tar.gz
+Patch1: logrotate-3.7.6-selinux.patch
 Requires: coreutils >= 5.92 libsepol libselinux popt
 BuildRequires: libselinux-devel popt-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,6 +30,7 @@
 
 %prep
 %setup -q
+%patch1 -p1 -b .selinux
 
 %build
 make %{?_smp_mflags} RPM_OPT_FLAGS="$RPM_OPT_FLAGS" WITH_SELINUX=yes
@@ -58,6 +60,10 @@
 %attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status
 
 %changelog
+* Wed Jan 09 2008 Tomas Smetana <tsmetana at redhat.com> 3.7.6-2
+- fix #427274 - logrotate fails to preserve SELinux file contexts
+- fix #427661 - SELinux stops vsftpd from working correctly
+
 * Thu Sep 27 2007 Tomas Smetana <tsmetana at redhat.com> 3.7.6-1.3
 - popt-devel dependency was still missing
 



