rpms/krb5/devel krb5-1.7-selinux-label.patch,1.6,1.7

Nalin Dahyabhai nalin at fedoraproject.org
Thu Dec 3 23:17:28 UTC 2009


Author: nalin

Update of /cvs/extras/rpms/krb5/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29315

Modified Files:
	krb5-1.7-selinux-label.patch 
Log Message:
- selinux: set the user part of creation context to match the current
  context instead of what we looked up


krb5-1.7-selinux-label.patch:
 aclocal.m4                                      |   51 +++
 appl/bsd/configure.in                           |    1 
 appl/gssftp/configure.in                        |    1 
 appl/telnet/configure.in                        |    1 
 config/pre.in                                   |    3 
 configure.in                                    |    2 
 include/autoconf.h.in                           |   13 
 include/k5-int.h                                |    1 
 include/k5-label.h                              |   27 +
 include/krb5/krb5.hin                           |    6 
 kadmin/dbutil/dump.c                            |    2 
 krb5-config.in                                  |    3 
 lib/kadm5/logger.c                              |    4 
 lib/krb5/keytab/kt_file.c                       |    4 
 plugins/kdb/db2/adb_openclose.c                 |    2 
 plugins/kdb/db2/kdb_db2.c                       |    4 
 plugins/kdb/db2/libdb2/btree/bt_open.c          |    3 
 plugins/kdb/db2/libdb2/hash/hash.c              |    3 
 plugins/kdb/db2/libdb2/recno/rec_open.c         |    3 
 plugins/kdb/db2/libdb2/test/Makefile.in         |    3 
 plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c |   12 
 slave/kpropd.c                                  |    2 
 util/profile/prof_file.c                        |    3 
 util/support/Makefile.in                        |    3 
 util/support/selinux.c                          |  340 ++++++++++++++++++++++++
 25 files changed, 474 insertions(+), 23 deletions(-)

Index: krb5-1.7-selinux-label.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5-1.7-selinux-label.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- krb5-1.7-selinux-label.patch	23 Oct 2009 20:29:53 -0000	1.6
+++ krb5-1.7-selinux-label.patch	3 Dec 2009 23:17:28 -0000	1.7
@@ -541,7 +541,7 @@ diff -up krb5-1.7/src/util/support/Makef
 diff -up /dev/null krb5-1.7/src/util/support/selinux.c
 --- /dev/null	2009-06-04 10:34:55.169007373 -0400
 +++ krb5-1.7/src/util/support/selinux.c	2009-06-04 13:47:20.000000000 -0400
-@@ -0,0 +1,314 @@
+@@ -0,0 +1,340 @@
 +/*
 + * Copyright 2007,2008,2009 Red Hat, Inc.  All Rights Reserved.
 + *
@@ -593,6 +593,7 @@ diff -up /dev/null krb5-1.7/src/util/sup
 +#include <string.h>
 +#include <unistd.h>
 +#include <selinux/selinux.h>
++#include <selinux/context.h>
 +#ifdef HAVE_SELINUX_LABEL_H
 +#include <selinux/label.h>
 +#endif
@@ -613,8 +614,9 @@ diff -up /dev/null krb5-1.7/src/util/sup
 +static security_context_t
 +push_fscreatecon(const char *pathname, mode_t mode)
 +{
-+	security_context_t previous, next;
-+	const char *fullpath;
++	security_context_t previous, configuredsc, currentsc, derivedsc;
++	context_t current, derived;
++	const char *fullpath, *currentuser;
 +#ifdef HAVE_SELINUX_LABEL_H
 +	struct selabel_handle *ctx;
 +#endif
@@ -650,17 +652,17 @@ diff -up /dev/null krb5-1.7/src/util/sup
 +			} else {
 +				fullpath = pathname;
 +			}
-+			next = NULL;
 +#ifdef DEBUG
 +			if (isatty(fileno(stderr))) {
 +				fprintf(stderr, "Looking up context for "
 +					"\"%s\"(%05o).\n", fullpath, mode);
 +			}
 +#endif
++			configuredsc = NULL;
 +#ifdef HAVE_SELINUX_LABEL_H
 +			ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
 +			if (ctx != NULL) {
-+				if (selabel_lookup(ctx, &next,
++				if (selabel_lookup(ctx, &configuredsc,
 +						   fullpath, mode) != 0) {
 +					selabel_close(ctx);
 +					free(genpath);
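Review bot: With `configuredsc = NULL;` now set just before the `HAVE_SELINUX_LABEL_H` branch, a failed `selabel_open()` leaves `configuredsc` NULL, because the visible `if (ctx != NULL)` has no else branch. The derivation code added in the later hunk at -681 then calls `context_new(configuredsc)`, and context_new() parses its argument with no documented NULL case, so this path looks like a NULL dereference. The old code only passed the NULL on to setfscreatecon(). Guarding the new block with `if (currentsc != NULL && configuredsc != NULL) {` would keep the earlier behaviour. push_fscreatecon() starts and ends outside this hunk, so confirm no other NULL check sits in the lines not shown.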
@@ -672,7 +674,7 @@ diff -up /dev/null krb5-1.7/src/util/sup
 +				selabel_close(ctx);
 +			}
 +#else
-+			if (matchpathcon(fullpath, mode, &next) != 0) {
++			if (matchpathcon(fullpath, mode, &configuredsc) != 0) {
 +				free(genpath);
 +				if (previous != NULL) {
 +					freecon(previous);
@@ -681,20 +683,44 @@ diff -up /dev/null krb5-1.7/src/util/sup
 +			}
 +#endif
 +			free(genpath);
++			currentsc = NULL;
++			getcon(&currentsc);
++			if (currentsc != NULL) {
++				derived = context_new(configuredsc);
++				if (derived != NULL) {
++					current = context_new(currentsc);
++					if (current != NULL) {
++						currentuser = context_user_get(current);
++						if (currentuser != NULL) {
++							if (context_user_set(derived,
++									     currentuser) == 0) {
++								derivedsc = context_str(derived);
++								if (derivedsc != NULL) {
++									freecon(configuredsc);
++									configuredsc = strdup(derivedsc);
++								}
++							}
++						}
++						context_free(current);
++					}
++					context_free(derived);
++				}
++				freecon(currentsc);
++			}
 +#ifdef DEBUG
 +			if (isatty(fileno(stderr))) {
 +				fprintf(stderr, "Setting file creation context "
-+					"to \"%s\".\n", next);
++					"to \"%s\".\n", configured);
 +			}
 +#endif
-+			if (setfscreatecon(next) != 0) {
-+				freecon(next);
++			if (setfscreatecon(configuredsc) != 0) {
++				freecon(configuredsc);
 +				if (previous != NULL) {
 +					freecon(previous);
 +				}
 +				return NULL;
 +			}
-+			freecon(next);
++			freecon(configuredsc);
 +#ifdef DEBUG
 +		} else {
 +			if (isatty(fileno(stderr))) {
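Review bot: The unchecked `configuredsc = strdup(derivedsc);` runs after `freecon(configuredsc)`, so on allocation failure the looked-up context is already gone and `setfscreatecon(configuredsc)` is called with NULL. That call resets the creation context to the policy default and returns success, so the file would be created with a label other than the configured one and no error is reported. Copy first and swap only on success, e.g. `tmp = strdup(derivedsc); if (tmp != NULL) { freecon(configuredsc); configuredsc = tmp; }` with `tmp` declared as `char *`. Separately, the DEBUG message passes `configured`, which does not appear in the declarations this commit adds; it should read `"to \"%s\".\n", configuredsc);` or DEBUG builds will not compile. The enclosing push_fscreatecon() begins and ends outside this hunk.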



