rpms/dbus/F-12 dbus-1.2.16-capability.patch, NONE, 1.1 dbus.spec, 1.175, 1.176
Matthias Clasen
mclasen at fedoraproject.org
Wed Oct 7 22:22:58 UTC 2009
Author: mclasen
Update of /cvs/pkgs/rpms/dbus/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11313
Modified Files:
dbus.spec
Added Files:
dbus-1.2.16-capability.patch
Log Message:
Drop capabilities
dbus-1.2.16-capability.patch:
bus/selinux.c | 15 +++-
configure.in | 4 -
dbus/dbus-sysdeps-util-unix.c | 135 ++++++++----------------------------------
3 files changed, 40 insertions(+), 114 deletions(-)
--- NEW FILE dbus-1.2.16-capability.patch ---
diff -urp dbus-1.2.16.orig/bus/selinux.c dbus-1.2.16/bus/selinux.c
--- dbus-1.2.16.orig/bus/selinux.c 2009-10-03 08:46:51.000000000 -0400
+++ dbus-1.2.16/bus/selinux.c 2009-10-03 08:47:26.000000000 -0400
@@ -45,6 +45,7 @@
#include <stdarg.h>
#include <stdio.h>
#ifdef HAVE_LIBAUDIT
+#include <cap-ng.h>
#include <libaudit.h>
#endif /* HAVE_LIBAUDIT */
#endif /* HAVE_SELINUX */
@@ -143,13 +144,17 @@ log_callback (const char *fmt, ...)
#ifdef HAVE_LIBAUDIT
if (audit_fd >= 0)
{
- char buf[PATH_MAX*2];
+ capng_get_caps_process();
+ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))
+ {
+ char buf[PATH_MAX*2];
- /* FIXME: need to change this to show real user */
- vsnprintf(buf, sizeof(buf), fmt, ap);
- audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ /* FIXME: need to change this to show real user */
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
NULL, getuid());
- return;
+ return;
+ }
}
#endif /* HAVE_LIBAUDIT */
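Review bot: The new capability test in log_callback ignores the result of `capng_get_caps_process()` and has no comment saying why the audit path is now conditional. When CAP_AUDIT_WRITE is not effective, or the capability state cannot be read, the AVC message skips `audit_log_user_avc_message` and falls through to code outside this hunk, so it never reaches the audit log. I would make the check explicit, `if (capng_get_caps_process () == 0 && capng_have_capability (CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))`, and add a comment such as `/* Without CAP_AUDIT_WRITE the audit write would fail; fall through to the non-audit log path below. */`. The process capabilities are also re-read on every log message; whether that cost matters depends on how often this callback runs, which is not visible here.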
diff -urp dbus-1.2.16.orig/configure.in dbus-1.2.16/configure.in
--- dbus-1.2.16.orig/configure.in 2009-10-03 08:46:51.000000000 -0400
+++ dbus-1.2.16/configure.in 2009-10-03 08:47:26.000000000 -0400
@@ -844,7 +844,7 @@ else
AC_CHECK_LIB(audit, audit_log_user_avc_message,
have_libaudit=yes, have_libaudit=no)
if test x$have_libaudit = xyes ; then
- AC_CHECK_LIB(cap, cap_set_proc,
+ AC_CHECK_LIB(cap-ng, capng_clear,
have_libaudit=yes, have_libaudit=no)
fi
fi
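Review bot: The probe checks for `capng_clear`, but the code added by this patch also depends on `capng_change_id` (dbus-sysdeps-util-unix.c) and `capng_have_capability` (bus/selinux.c). If any libcap-ng release provides `capng_clear` without those, configure would set HAVE_LIBAUDIT and the build would fail later at link time. Probing the symbol the privilege drop actually relies on, `AC_CHECK_LIB(cap-ng, capng_change_id,`, avoids that. The spec's `BuildRequires: libcap-ng-devel` carries no minimum version either.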
@@ -853,7 +853,7 @@ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$hav
if test x$have_libaudit = xyes ; then
SELINUX_LIBS="$SELINUX_LIBS -laudit"
- LIBS="-lcap $LIBS"
+ LIBS="-lcap-ng $LIBS"
AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
fi
diff -urp dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c dbus-1.2.16/dbus/dbus-sysdeps-util-unix.c
--- dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-10-03 08:46:51.000000000 -0400
+++ dbus-1.2.16/dbus/dbus-sysdeps-util-unix.c 2009-10-03 08:52:14.000000000 -0400
@@ -46,8 +46,7 @@
#include <syslog.h>
#include <syslog.h>
#ifdef HAVE_LIBAUDIT
-#include <sys/prctl.h>
-#include <sys/capability.h>
+#include <cap-ng.h>
#include <libaudit.h>
#endif /* HAVE_LIBAUDIT */
@@ -323,10 +322,6 @@ _dbus_change_to_daemon_user (const char
dbus_uid_t uid;
dbus_gid_t gid;
DBusString u;
-#ifdef HAVE_LIBAUDIT
- dbus_bool_t we_were_root;
- cap_t new_caps;
-#endif
_dbus_string_init_const (&u, user);
@@ -339,123 +334,49 @@ _dbus_change_to_daemon_user (const char
}
#ifdef HAVE_LIBAUDIT
- we_were_root = _dbus_geteuid () == 0;
- new_caps = NULL;
- /* have a tmp set of caps that we use to transition to the usr/grp dbus should
- * run as ... doesn't really help. But keeps people happy.
- */
-
- if (we_were_root)
+ /* If we were root */
+ if (_dbus_geteuid () == 0)
{
- cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
- cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
- cap_t tmp_caps = cap_init();
-
- if (!tmp_caps || !(new_caps = cap_init ()))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to initialize drop of capabilities: %s\n",
- _dbus_strerror (errno));
-
- if (tmp_caps)
- cap_free (tmp_caps);
+ int rc;
- return FALSE;
- }
-
- /* assume these work... */
- cap_set_flag (new_caps, CAP_PERMITTED, 1, new_cap_list, CAP_SET);
- cap_set_flag (new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET);
-
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_AUDIT_WRITE);
+ rc = capng_change_id(uid, gid, 0);
+ if (rc)
{
- dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set keep-capabilities: %s\n",
- _dbus_strerror (errno));
- cap_free (tmp_caps);
- goto fail;
- }
-
- if (cap_set_proc (tmp_caps) == -1)
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
+ switch (rc) {
+ default:
+ dbus_set_error (error, DBUS_ERROR_FAILED,
"Failed to drop capabilities: %s\n",
_dbus_strerror (errno));
- cap_free (tmp_caps);
- goto fail;
- }
- cap_free (tmp_caps);
- }
-#endif /* HAVE_LIBAUDIT */
-
- /* setgroups() only works if we are a privileged process,
- * so we don't return error on failure; the only possible
- * failure is that we don't have perms to do it.
- *
- * not sure this is right, maybe if setuid()
- * is going to work then setgroups() should also work.
- */
- if (setgroups (0, NULL) < 0)
- _dbus_warn ("Failed to drop supplementary groups: %s\n",
- _dbus_strerror (errno));
-
- /* Set GID first, or the setuid may remove our permission
- * to change the GID
- */
- if (setgid (gid) < 0)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -4:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
"Failed to set GID to %lu: %s", gid,
_dbus_strerror (errno));
- goto fail;
- }
-
- if (setuid (uid) < 0)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -5:
+ _dbus_warn ("Failed to drop supplementary groups: %s\n",
+ _dbus_strerror (errno));
+ break;
+ case -6:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
"Failed to set UID to %lu: %s", uid,
_dbus_strerror (errno));
- goto fail;
- }
-
-#ifdef HAVE_LIBAUDIT
- if (we_were_root)
- {
- if (cap_set_proc (new_caps))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to drop capabilities: %s\n",
- _dbus_strerror (errno));
- goto fail;
- }
- cap_free (new_caps);
-
- /* should always work, if it did above */
- if (prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1)
- {
- dbus_set_error (error, _dbus_error_from_errno (errno),
+ break;
+ case -7:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
"Failed to unset keep-capabilities: %s\n",
_dbus_strerror (errno));
+ break;
+ }
return FALSE;
}
}
-#endif
+#endif /* HAVE_LIBAUDIT */
return TRUE;
-
- fail:
-#ifdef HAVE_LIBAUDIT
- if (!we_were_root)
- {
- /* should always work, if it did above */
- prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0);
- cap_free (new_caps);
- }
-#endif
-
- return FALSE;
}
void
Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/F-12/dbus.spec,v
retrieving revision 1.175
retrieving revision 1.176
diff -u -p -r1.175 -r1.176
--- dbus.spec 7 Oct 2009 16:21:54 -0000 1.175
+++ dbus.spec 7 Oct 2009 22:22:57 -0000 1.176
@@ -9,7 +9,7 @@ Summary: D-BUS message bus
Name: dbus
Epoch: 1
Version: 1.2.16
-Release: 7%{?dist}
+Release: 8%{?dist}
URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl
@@ -18,14 +18,14 @@ Source3: diagram.png
Source4: diagram.svg
License: GPLv2+ or AFL
Group: System Environment/Libraries
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libtool
BuildRequires: expat-devel >= %{expat_version}
BuildRequires: libselinux-devel >= %{libselinux_version}
BuildRequires: audit-libs-devel >= 0.9
BuildRequires: libX11-devel
-BuildRequires: libcap-devel
+BuildRequires: libcap-ng-devel
BuildRequires: gettext
BuildRequires: doxygen
BuildRequires: xmlto
@@ -46,6 +46,9 @@ Patch1: dbus-1.0.1-generate-xml-docs.pat
# from upstream
Patch2: fix-timeout-accounting.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=518541
+Patch3: dbus-1.2.16-cabability.patch
+
%description
D-BUS is a system for sending messages between applications. It is
used both for the system-wide message bus service, and as a
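Review bot: `Patch3: dbus-1.2.16-cabability.patch` does not match the file this commit adds, `dbus-1.2.16-capability.patch`. As written the build cannot find the patch, unless a file with the misspelled name exists outside this page, so the capability change would not be applied. The line should read `Patch3: dbus-1.2.16-capability.patch`. The backup suffix in `%patch3 -p1 -b .cabability` in the next hunk carries the same typo, though there it is only cosmetic.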
@@ -100,6 +103,7 @@ in this separate package so server syste
%patch0 -p1 -b .start-early
%patch1 -p1 -b .generate-xml-docs
%patch2 -p1 -b .fix-timeout-accounting
+%patch3 -p1 -b .cabability
autoreconf -f -i
@@ -236,6 +240,9 @@ fi
%{_includedir}/*
%changelog
+* Wed Oct 7 2009 Matthias Clasen <mclasen at redhat.com> - 1:1.2.16-8
+- Drop capabilities (#518541)
+
* Wed Oct 7 2009 Matthias Clasen <mclasen at redhat.com> - 1:1.2.16-7
- Add missing diagrams to the docs (#527650)