rpms/vixie-cron/F-8 selinux.perm.patch, NONE, 1.1 vixie-cron.spec, 1.110, 1.111

Marcela Mašláňová (mmaslano) fedora-extras-commits at redhat.com
Wed Jan 30 15:28:04 UTC 2008


Author: mmaslano

Update of /cvs/pkgs/rpms/vixie-cron/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13586

Modified Files:
	vixie-cron.spec 
Added Files:
	selinux.perm.patch 
Log Message:
- 426704 using get_default_context() instead of getseuserbyname



selinux.perm.patch:

--- NEW FILE selinux.perm.patch ---
diff -up vixie-cron-4.2/src/user.c.selinux vixie-cron-4.2/src/user.c
--- vixie-cron-4.2/src/user.c.selinux	2007-08-28 09:29:05.000000000 +0200
+++ vixie-cron-4.2/src/user.c	2008-01-30 14:39:57.000000000 +0100
@@ -84,7 +84,7 @@ load_user(int crontab_fd, struct passwd	
 		return (NULL);
 	}
 
-	if (get_security_context(pw == NULL ? "system_u" : uname, 
+	if (get_security_context(pw == NULL ? NULL : uname, 
 				 crontab_fd, 
 				 &u->scontext, tabname) != 0) {
 	    free_user(u);
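Review bot: Passing `NULL` instead of `"system_u"` here makes the `name` argument of `get_security_context()` nullable, but the security.c hunk of this same patch still hands `name` to `log_it()` as its first argument in the "No SELinux security context", permissive-mode and "getfilecon FAILED" branches. How `log_it()` treats a NULL user name is not visible on this page, so those calls should either be confirmed NULL-safe or be given a non-NULL label, e.g. `const char *logname = name ? name : "system_u";` at the top of `get_security_context()` and `log_it(logname, ...)` afterwards. A short comment at this call site, such as `/* NULL name = system crontab; get_security_context() falls back to system_u */`, would also record why NULL is passed. `load_user()` starts and ends outside the hunk.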
diff -up vixie-cron-4.2/src/security.c.selinux vixie-cron-4.2/src/security.c
--- vixie-cron-4.2/src/security.c.selinux	2008-01-30 14:39:57.000000000 +0100
+++ vixie-cron-4.2/src/security.c	2008-01-30 14:43:24.000000000 +0100
@@ -459,24 +459,26 @@ int get_security_context( const char *na
 	if (is_selinux_enabled() <= 0) 
 	    return 0;
 
-	if (getseuserbyname(name, &seuser, &level) == 0) {
-		retval=get_default_context_with_level(seuser, level, NULL, &scontext);
-		free(seuser);
-		free(level);
-		if (retval) {
-			if (security_getenforce() > 0) {
-				log_it(name, getpid(), "No SELinux security context",tabname);
-				return -1;
-			} else {
-				log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
-				return 0;
-			}
-		}
-	} else {
-		log_it(name, getpid(), "getseusername FAILED", name);
-		return (security_getenforce() > 0);
+	if (name != NULL) {
+		if (getseuserbyname(name, &seuser, &level) < 0) {
+			log_it(name, getpid(), "getseuserbyname FAILED", name);
+	        return (security_getenforce() > 0);
+		}
 	}
-	
+
+	retval=get_default_context_with_level(name == NULL ? "system_u" : seuser, level, NULL, &scontext);
+	free(seuser);
+	free(level);
+	if (retval) {
+		if (security_getenforce() > 0) {
+			log_it(name, getpid(), "No SELinux security context",tabname);
+			return -1;
+		} else {
+			log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+			return 0;
+		}
+	}
+
 	if (fgetfilecon(crontab_fd, &file_context) < OK) {
 		if (security_getenforce() > 0) {
 			log_it(name, getpid(), "getfilecon FAILED", tabname);
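Review bot: When `name == NULL` the `getseuserbyname()` call is skipped, yet `level` is still passed to `get_default_context_with_level()` and both `seuser` and `level` go to `free()`. Their declarations are outside the hunk; unless both are initialised there, this path reads and frees indeterminate pointers, so the declaration should read `char *seuser = NULL, *level = NULL;`, and it is worth confirming that a NULL level is acceptable for the `"system_u"` lookup. Separately, `return (security_getenforce() > 0);` treats an error return of -1 from `security_getenforce()` the same as permissive mode and reports success without a context having been set, which the caller in user.c accepts because it only tests `!= 0`. If that fail-open behaviour is intended, a comment saying so would help; otherwise compare against `!= 0`. `get_security_context()` begins and ends outside the hunk.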


Index: vixie-cron.spec
===================================================================
RCS file: /cvs/pkgs/rpms/vixie-cron/F-8/vixie-cron.spec,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- vixie-cron.spec	30 Nov 2007 16:04:51 -0000	1.110
+++ vixie-cron.spec	30 Jan 2008 15:27:28 -0000	1.111
@@ -10,7 +10,7 @@
 Summary: The Vixie cron daemon for executing specified programs at set times
 Name: vixie-cron
 Version: 4.2
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 4
 License: BSD
 Group: System Environment/Base
@@ -19,6 +19,7 @@
 Patch1: mailpath.patch
 Patch2: cred.patch
 Patch3: configure.patch
+Patch4: selinux.perm.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: syslog, bash >= 2.0
@@ -57,6 +58,7 @@
 %patch1 -p1 -b .mailpath
 %patch2 -p1 -b .cred
 %patch3 -p1 -b .conf
+%patch4 -p1 -b .selinux
 
 aclocal
 autoheader
@@ -141,6 +143,9 @@
 %doc %{_datadir}/doc/cron/*
 
 %changelog
+* Mon Jan 28 2008 Marcela Maslanova <mmaslano at redhat.com> - 4:4.2-7
+- 426704 using get_default_context() instead of getseuserbyname
+
 * Fri Nov 30 2007 Marcela Maslanova <mmaslano at redhat.com> - 4:4.2-6
 - delete old macro, which made incorrect time format of non sendmails
 	mails, add pam credentials back



