rpms/cronie/F-12 cronie-pam.patch, NONE, 1.1 cronie-selinux_passwd.patch, NONE, 1.1 cronie.spec, 1.29, 1.30

Marcela Mašláňová mmaslano at fedoraproject.org
Thu Nov 5 16:09:15 UTC 2009


Author: mmaslano

Update of /cvs/pkgs/rpms/cronie/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6166

Modified Files:
	cronie.spec 
Added Files:
	cronie-pam.patch cronie-selinux_passwd.patch 
Log Message:
* Thu Nov  5 2009 Marcela Mašláňová <mmaslano at redhat.com> - 1.4.3-2
- 533189 pam needs add a line and selinux needs defined one function


cronie-pam.patch:
 crond |    1 +
 1 file changed, 1 insertion(+)

--- NEW FILE cronie-pam.patch ---
diff -up cronie-1.4.3/pam/crond.ppp cronie-1.4.3/pam/crond
--- cronie-1.4.3/pam/crond.ppp	2009-09-25 08:23:18.000000000 +0200
+++ cronie-1.4.3/pam/crond	2009-11-05 16:34:06.000000000 +0100
@@ -7,3 +7,4 @@ account    required   pam_access.so
 account    include    password-auth
 session    required   pam_loginuid.so
 session    include    password-auth
+auth       include    password-auth
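Review bot: The added `auth include password-auth` line sits after the `session` entries and carries no comment explaining why crond needs an auth stack. PAM evaluates each management group on its own, so the placement works, but grouping it ahead of the `account` lines would follow the usual auth/account/password/session order and make the file easier to audit. A one-line comment such as `# auth stack is consulted for credential setup; cron never prompts for a password` would record the intent (presumably the `pam_setcred()` path; confirm against the daemon's PAM calls). It is also worth confirming that every module the system-wide `password-auth` auth stack pulls in is meant to run for cron jobs. The file's lines above line 7 are outside the hunk, so an existing `auth` entry cannot be ruled out from here.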

cronie-selinux_passwd.patch:
 security.c |   34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

--- NEW FILE cronie-selinux_passwd.patch ---
diff -up cronie-1.4.3/src/security.c.old cronie-1.4.3/src/security.c
--- cronie-1.4.3/src/security.c.old	2009-09-25 08:23:18.000000000 +0200
+++ cronie-1.4.3/src/security.c	2009-11-05 16:43:13.000000000 +0100
@@ -486,9 +486,37 @@ void free_security_context(security_cont
 
 int crontab_security_access(void) {
 #ifdef WITH_SELINUX
-	if (is_selinux_enabled() > 0)
-		if (selinux_check_passwd_access(PASSWD__CRONTAB) != 0)
-			return -1;
+	int selinux_check_passwd_access = -1;
+	if (is_selinux_enabled() > 0) {
+		security_context_t user_context;
+		if (getprevcon_raw(&user_context) == 0) {
+			security_class_t passwd_class;
+			struct av_decision avd;
+			int retval;
+
+			passwd_class = string_to_security_class("passwd");
+			if (passwd_class == 0) {
+				selinux_check_passwd_access = -1;
+				fprintf(stderr, "Security class \"passwd\" is not defined in the SELinux policy.\n");
+			}
+
+			retval = security_compute_av_raw(user_context,
+							user_context,
+							passwd_class,
+							PASSWD__CRONTAB,
+							&avd);
+
+			if ((retval == 0) && ((PASSWD__CRONTAB & avd.allowed) == PASSWD__CRONTAB)) {
+				selinux_check_passwd_access = 0;
+			}
+			freecon(user_context);
+		}
+
+		if (selinux_check_passwd_access != 0 && security_getenforce() == 0)
+			selinux_check_passwd_access = 0;
+
+		return selinux_check_passwd_access;
+	}
 #endif
 	return 0;
 }
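Review bot: When `string_to_security_class("passwd")` returns 0, the code prints the error but still falls through to `security_compute_av_raw()` with the invalid class, so a decision is computed for class 0 instead of the check being refused outright. Moving the compute call and the `avd.allowed` test into an `else` branch (`} else {` after the `fprintf`) fixes this and makes the redundant `selinux_check_passwd_access = -1;` assignment unnecessary. The local variable `selinux_check_passwd_access` reuses the name of the libselinux function it replaces and would shadow it wherever a header still declares it; a distinct name such as `access_rc` avoids that. A failing `getprevcon_raw()` correctly leaves the result at -1 (fail closed in enforcing mode) but does so silently, so a diagnostic on stderr there would help an administrator understand the denial.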


Index: cronie.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cronie/F-12/cronie.spec,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- cronie.spec	3 Nov 2009 14:44:42 -0000	1.29
+++ cronie.spec	5 Nov 2009 16:09:15 -0000	1.30
@@ -6,11 +6,13 @@
 Summary: Cron daemon for executing programs at set times
 Name: cronie
 Version: 1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT and BSD and GPLv2
 Group: System Environment/Base
 URL: https://fedorahosted.org/cronie
 Source0: https://fedorahosted.org/releases/c/r/cronie/%{name}-%{version}.tar.gz
+Patch0: cronie-selinux_passwd.patch
+Patch1: cronie-pam.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Requires: syslog, bash >= 2.0
@@ -71,6 +73,8 @@ Old style of {hourly,daily,weekly,monthl
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 %build
 
@@ -193,6 +197,9 @@ cp -a /var/lock/subsys/crond /var/lock/s
 %attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
 
 %changelog
+* Thu Nov  5 2009 Marcela Mašláňová <mmaslano at redhat.com> - 1.4.3-2
+- 533189 pam needs add a line and selinux needs defined one function
+
 * Tue Nov  3 2009 Marcela Mašláňová <mmaslano at redhat.com> - 1.4.3-1
 - 531963 and 532482 creating noanacron package
 



