rpms/vixie-cron/devel vixie-cron-4.1-getseuserbyname.patch, NONE, 1.1 vixie-cron.spec, 1.55, 1.56

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Oct 14 20:08:12 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/vixie-cron/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14922

Modified Files:
	vixie-cron.spec 
Added Files:
	vixie-cron-4.1-getseuserbyname.patch 
Log Message:
add getseuserbyname support

vixie-cron-4.1-getseuserbyname.patch:
 user.c |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

--- NEW FILE vixie-cron-4.1-getseuserbyname.patch ---
--- vixie-cron-4.1/user.c~	2005-10-14 14:55:17.000000000 -0400
+++ vixie-cron-4.1/user.c	2005-10-14 15:15:07.000000000 -0400
@@ -44,15 +44,26 @@
 	security_context_t  file_context=NULL;
 	struct av_decision avd;
 	int retval=0;
+	char *seuser=NULL;
+	char *level=NULL;
 	*rcontext = NULL;
-	if (get_default_context(name, NULL, &scontext)) {
-		if (security_getenforce() > 0) {
-			log_it(name, getpid(), "No SELinux security context",tabname);
-			return -1;
-		} else {
-			log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
-			return 0;
+
+	if (getseuserbyname(name, &seuser, &level) == 0) {
+		retval=get_default_context_with_level(seuser, level, NULL, &scontext);
+		free(seuser);
+		free(level);
+		if (retval) {
+			if (security_getenforce() > 0) {
+				log_it(name, getpid(), "No SELinux security context",tabname);
+				return -1;
+			} else {
+				log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+				return 0;
+			}
 		}
+	} else {
+		log_it(name, getpid(), "getseusername FAILED", name);
+		return (security_getenforce() > 0);
 	}
 	
 	if (fgetfilecon(crontab_fd, &file_context) < OK) {
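Review bot: The new `else` branch returns `security_getenforce() > 0`, which is 1 in enforcing mode, while the context-lookup failure path just above it returns -1 for the same condition. The callers are outside this hunk, but if any of them tests the result with `< 0`, a getseuserbyname() failure under enforcing mode would be treated as success; `return (security_getenforce() > 0) ? -1 : 0;` keeps both failure paths consistent. security_getenforce() itself returns -1 on error, which `> 0` treats as permissive in both branches, so a failure to read the enforce state fails open. The log text says `getseusername` although the call is getseuserbyname(), and it passes `name` where the other log_it calls pass `tabname`; `log_it(name, getpid(), "getseuserbyname FAILED", tabname);` would match them. The enclosing function starts before and continues after this hunk.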


Index: vixie-cron.spec
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/devel/vixie-cron.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- vixie-cron.spec	14 Oct 2005 18:40:43 -0000	1.55
+++ vixie-cron.spec	14 Oct 2005 20:08:07 -0000	1.56
@@ -1,13 +1,11 @@
-%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
 %define WITH_SELINUX 1
-%endif
 %if %{?WITH_PAM:0}%{!?WITH_PAM:1}
 %define WITH_PAM 1
 %endif
 Summary: The Vixie cron daemon for executing specified programs at set times.
 Name: vixie-cron
 Version: 4.1
-Release: 39.FC5
+Release: 40.FC5
 Epoch:   4
 License: distributable
 Group:   System Environment/Base
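Review bot: With the `%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}` guard removed, `%define WITH_SELINUX 1` is applied regardless of any value the builder supplied, and the later hunks drop every visible `%if %{WITH_SELINUX}` test. A build that previously passed `--define 'WITH_SELINUX 0'` would therefore now produce an SELinux-enabled package without any error. The changelog entry added at the end of this diff records only the getseuserbyname change; a second line such as `- SELinux support is now unconditional (WITH_SELINUX can no longer be disabled)` would document it. If nothing outside the shown hunks still reads the macro, the `%define` line could be dropped as well.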
@@ -56,13 +54,12 @@
 Patch39: vixie-cron-4.1-loginuid.patch
 Patch40: vixie_cron-4.1-162887.patch
 Patch41: vixie-cron-4.1-CAN-2005-1038-fix-race.patch
+Patch42: vixie-cron-4.1-getseuserbyname.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 Requires: sysklogd >= 1.3.33-6, bash >= 2.0
-%if %{WITH_SELINUX}
 Requires: libselinux >= 1.25.2-1
 Buildrequires: libselinux-devel >= 1.25.2-1
-%endif
 %if %{WITH_PAM}
 Requires: pam >= 0.77-66.8
 Buildrequires: pam-devel
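Review bot: The `Requires`/`Buildrequires` floor stays at `libselinux >= 1.25.2-1` although Patch42, added in this hunk, makes user.c call getseuserbyname() and get_default_context_with_level(). If either function first shipped in a later libselinux, the build would fail against the stated minimum, and an installed package could fail to resolve the symbol at run time. Confirm which release first exports both and raise the floor to it, e.g. `Buildrequires: libselinux-devel >= <first version exporting getseuserbyname>`, with the matching `Requires` line.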
@@ -89,11 +86,7 @@
 %patch8 -p1 -b .root-allowed
 %patch9 -p1 -b .no-header
 %patch10 -p1 -b .manpages
-%if %{WITH_SELINUX}
-#SELinux
-# Enables SELinux support
 %patch11 -p1 -b .with_selinux
-%endif
 %patch12 -p1 -b .pam
 %if %{WITH_PAM}
 %patch13 -p1 -b .with_pam
@@ -107,10 +100,8 @@
 %patch20 -p1 -b .nickname_man
 %patch21 -p1 -b -i_option
 %patch22 -p1 -b .no_0600_mode_enforce
-%if %{WITH_SELINUX}
 %patch23 -p1 -b .freecon_segv
 %patch24 -p1 -b .selinux_crontab_new
-%endif
 %patch25 -p1 -b .allow-root-crontab
 %patch26 -p1 -b .saved_uids
 %patch27 -p1 -b .no-strip-header-comments
@@ -128,6 +119,7 @@
 %patch39 -p1 -b .loginuid
 %patch40 -p1 -b .162887
 %patch41 -p1 -b .CAN-2005-1038-fix-race
+%patch42 -p1 -b .getseuserbyname
 
 %build
 make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
@@ -185,6 +177,9 @@
 %config(noreplace) /etc/sysconfig/crond
 
 %changelog
+* Fri Oct 14 2005 Dan Walsh <dwalsh at redhat.com>  - 4.1-40.FC5
+- Change to use getseuserbyname for selinux
+
 * Fri Oct 14 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-39-FC5
 - fix bug 170830: the last PAM change disabled all cron jobs.
   backing out the new PAM configuration file until I've had a



