rpms/vixie-cron/F-8 selinux.perm.patch, NONE, 1.1 vixie-cron.spec, 1.110, 1.111
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Wed Jan 30 15:28:04 UTC 2008
Author: mmaslano
Update of /cvs/pkgs/rpms/vixie-cron/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13586
Modified Files:
vixie-cron.spec
Added Files:
selinux.perm.patch
Log Message:
- 426704 using get_default_context() instead of getseuserbyname
selinux.perm.patch:
--- NEW FILE selinux.perm.patch ---
diff -up vixie-cron-4.2/src/user.c.selinux vixie-cron-4.2/src/user.c
--- vixie-cron-4.2/src/user.c.selinux 2007-08-28 09:29:05.000000000 +0200
+++ vixie-cron-4.2/src/user.c 2008-01-30 14:39:57.000000000 +0100
@@ -84,7 +84,7 @@ load_user(int crontab_fd, struct passwd
return (NULL);
}
- if (get_security_context(pw == NULL ? "system_u" : uname,
+ if (get_security_context(pw == NULL ? NULL : uname,
crontab_fd,
&u->scontext, tabname) != 0) {
free_user(u);
diff -up vixie-cron-4.2/src/security.c.selinux vixie-cron-4.2/src/security.c
--- vixie-cron-4.2/src/security.c.selinux 2008-01-30 14:39:57.000000000 +0100
+++ vixie-cron-4.2/src/security.c 2008-01-30 14:43:24.000000000 +0100
@@ -459,24 +459,26 @@ int get_security_context( const char *na
if (is_selinux_enabled() <= 0)
return 0;
- if (getseuserbyname(name, &seuser, &level) == 0) {
- retval=get_default_context_with_level(seuser, level, NULL, &scontext);
- free(seuser);
- free(level);
- if (retval) {
- if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context",tabname);
- return -1;
- } else {
- log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
- return 0;
- }
- }
- } else {
- log_it(name, getpid(), "getseusername FAILED", name);
- return (security_getenforce() > 0);
+ if (name != NULL) {
+ if (getseuserbyname(name, &seuser, &level) < 0) {
+ log_it(name, getpid(), "getseuserbyname FAILED", name);
+ return (security_getenforce() > 0);
+ }
}
-
+
+ retval=get_default_context_with_level(name == NULL ? "system_u" : seuser, level, NULL, &scontext);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce() > 0) {
+ log_it(name, getpid(), "No SELinux security context",tabname);
+ return -1;
+ } else {
+ log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+ return 0;
+ }
+ }
+
if (fgetfilecon(crontab_fd, &file_context) < OK) {
if (security_getenforce() > 0) {
log_it(name, getpid(), "getfilecon FAILED", tabname);
Index: vixie-cron.spec
===================================================================
RCS file: /cvs/pkgs/rpms/vixie-cron/F-8/vixie-cron.spec,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- vixie-cron.spec 30 Nov 2007 16:04:51 -0000 1.110
+++ vixie-cron.spec 30 Jan 2008 15:27:28 -0000 1.111
@@ -10,7 +10,7 @@
Summary: The Vixie cron daemon for executing specified programs at set times
Name: vixie-cron
Version: 4.2
-Release: 6%{?dist}
+Release: 7%{?dist}
Epoch: 4
License: BSD
Group: System Environment/Base
@@ -19,6 +19,7 @@
Patch1: mailpath.patch
Patch2: cred.patch
Patch3: configure.patch
+Patch4: selinux.perm.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: syslog, bash >= 2.0
@@ -57,6 +58,7 @@
%patch1 -p1 -b .mailpath
%patch2 -p1 -b .cred
%patch3 -p1 -b .conf
+%patch4 -p1 -b .selinux
aclocal
autoheader
@@ -141,6 +143,9 @@
%doc %{_datadir}/doc/cron/*
%changelog
+* Mon Jan 28 2008 Marcela Maslanova <mmaslano at redhat.com> - 4:4.2-7
+- 426704 using get_default_context() instead of getseuserbyname
+
* Fri Nov 30 2007 Marcela Maslanova <mmaslano at redhat.com> - 4:4.2-6
- delete old macro, which made incorrect time format of non sendmails
mails, add pam credentials back
More information about the fedora-extras-commits
mailing list