rpms/dbus/devel dbus-0.61-selinux-avc-audit.patch, NONE, 1.1 .cvsignore, 1.17, 1.18 dbus.spec, 1.70, 1.71 sources, 1.17, 1.18 dbus-0.60-selinux-avc-audit.patch, 1.1, NONE dbus-python-fix-callchain.patch, 1.1, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Feb 24 20:36:54 UTC 2006


Author: johnp

Update of /cvs/dist/rpms/dbus/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5777

Modified Files:
	.cvsignore dbus.spec sources 
Added Files:
	dbus-0.61-selinux-avc-audit.patch 
Removed Files:
	dbus-0.60-selinux-avc-audit.patch 
	dbus-python-fix-callchain.patch 
Log Message:
- Upgrade to upstream version 0.61
- remove python callchain patch
- update avc patch



dbus-0.61-selinux-avc-audit.patch:
 bus/selinux.c            |   38 ++++++++++++++++++++++++++++++++++++++
 configure.in             |   22 ++++++++++++++++++++++
 dbus/dbus-sysdeps-util.c |   30 ++++++++++++++++++++++++++++++
 3 files changed, 90 insertions(+)

--- NEW FILE dbus-0.61-selinux-avc-audit.patch ---
--- dbus-0.61/dbus/dbus-sysdeps-util.c.selinux-avc-audit	2006-02-24 10:46:45.000000000 -0500
+++ dbus-0.61/dbus/dbus-sysdeps-util.c	2006-02-24 14:41:15.000000000 -0500
@@ -42,6 +42,10 @@
 #include <sys/socket.h>
 #include <dirent.h>
 #include <sys/un.h>
+#ifdef HAVE_LIBAUDIT
+#include <sys/prctl.h>
+#include <sys/capability.h>
+#endif /* HAVE_LIBAUDIT */
 
 #ifndef O_BINARY
 #define O_BINARY 0
@@ -247,6 +251,12 @@
                         dbus_gid_t     gid,
                         DBusError     *error)
 {
+#ifdef HAVE_LIBAUDIT
+  int priv = !getuid();
+  if (priv)
+    prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+#endif /* HAVE_LIBAUDIT */
+
   /* setgroups() only works if we are a privileged process,
    * so we don't return error on failure; the only possible
    * failure is that we don't have perms to do it.
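Review bot: The added `prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);` ignores its return value, so if it fails the function carries on as though capabilities will survive the UID change. The later CAP_AUDIT_WRITE setup then cannot succeed, and the daemon loses the ability to write audit records with no diagnostic. Check the result and at least warn, for example `if (priv && prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) _dbus_warn ("Failed to set PR_SET_KEEPCAPS: %s\n", _dbus_strerror (errno));`. The function's signature begins outside this hunk.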
@@ -265,6 +275,10 @@
       dbus_set_error (error, _dbus_error_from_errno (errno),
                       "Failed to set GID to %lu: %s", gid,
                       _dbus_strerror (errno));
+#ifdef HAVE_LIBAUDIT
+      if (priv)
+        prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
+#endif /* HAVE_LIBAUDIT */
       return FALSE;
     }
   
@@ -273,9 +287,25 @@
       dbus_set_error (error, _dbus_error_from_errno (errno),
                       "Failed to set UID to %lu: %s", uid,
                       _dbus_strerror (errno));
+#ifdef HAVE_LIBAUDIT
+      if (priv)
+        prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
+#endif /* HAVE_LIBAUDIT */
       return FALSE;
     }
   
+#ifdef HAVE_LIBAUDIT
+    if (priv) {
+        cap_t new_caps;
+        cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
+
+        prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
+        new_caps = cap_init();
+        cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET);
+        cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET);
+        cap_set_proc(new_caps);
+    }
+#endif /* HAVE_LIBAUDIT */
   return TRUE;
 }
 
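Review bot: The capability block before `return TRUE;` ignores every libcap return value, so a failure leaves the now-unprivileged process holding the full permitted capability set that PR_SET_KEEPCAPS preserved across setuid(). cap_init() can return NULL, and cap_set_flag() and cap_set_proc() return -1 on error. Any of these should set the DBusError and return FALSE instead of reporting success. new_caps is also never released with cap_free(). The enclosing function starts outside the hunk.

```c
#ifdef HAVE_LIBAUDIT
  if (priv)
    {
      cap_t new_caps;
      cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
      int cap_failed;

      prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0);
      new_caps = cap_init ();
      cap_failed = new_caps == NULL ||
        cap_set_flag (new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) < 0 ||
        cap_set_flag (new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET) < 0 ||
        cap_set_proc (new_caps) < 0;

      /* Report before cap_free() so errno still belongs to the failing call. */
      if (cap_failed)
        dbus_set_error (error, _dbus_error_from_errno (errno),
                        "Failed to reduce capabilities to CAP_AUDIT_WRITE: %s",
                        _dbus_strerror (errno));
      if (new_caps != NULL)
        cap_free (new_caps);
      if (cap_failed)
        return FALSE;
    }
#endif /* HAVE_LIBAUDIT */
  return TRUE;
```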
--- dbus-0.61/bus/selinux.c.selinux-avc-audit	2006-02-24 14:41:15.000000000 -0500
+++ dbus-0.61/bus/selinux.c	2006-02-24 14:41:15.000000000 -0500
@@ -38,6 +38,9 @@
 #include <selinux/flask.h>
 #include <signal.h>
 #include <stdarg.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif /* HAVE_LIBAUDIT */
 #endif /* HAVE_SELINUX */
 
 #define BUS_SID_FROM_SELINUX(sid)  ((BusSELinuxID*) (sid))
@@ -100,12 +103,40 @@
  * @param variable argument list
  */
 #ifdef HAVE_SELINUX
+#ifdef HAVE_LIBAUDIT
+static int audit_fd = -1;
+static void audit_init(void)
+{
+  audit_fd = audit_open();
+  if (audit_fd < 0) {
+    /* If kernel doesn't support audit, bail out */
+    if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
+      return;
+    /* If user bus, bail out */
+    if (errno == EPERM && getuid() != 0)
+      return;
+    _dbus_warn ("Failed opening connection to the audit subsystem");
+  }
+}
+#endif /* HAVE_LIBAUDIT */
+
 static void 
 log_callback (const char *fmt, ...) 
 {
   va_list ap;
   va_start(ap, fmt);
+#ifdef HAVE_LIBAUDIT
+  {
+     char buf[PATH_MAX*2];
+
+	/* FIXME: need to change this to show real user */
+     vsnprintf(buf, sizeof(buf), fmt, ap);
+     audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+                                NULL, getuid());
+  }
+#else
   vsyslog (LOG_INFO, fmt, ap);
+#endif /* HAVE_LIBAUDIT */
   va_end(ap);
 }
 
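Review bot: When audit_open() fails, audit_init() leaves audit_fd at -1, yet log_callback() still passes that descriptor to audit_log_user_avc_message(). Because the vsyslog() path is compiled out under HAVE_LIBAUDIT, AVC denials are likely lost on user buses and on kernels without audit support, which are exactly the cases audit_init() returns from silently. log_callback() should take the audit path only when `audit_fd >= 0` and fall back to vsyslog() otherwise. Separately, vsnprintf() truncation is not detected, and the `_dbus_warn` text would be more useful with the errno string appended.

```c
  va_start(ap, fmt);
#ifdef HAVE_LIBAUDIT
  if (audit_fd >= 0)
    {
      /* … unchanged: buf declaration, vsnprintf and audit_log_user_avc_message call … */
      va_end(ap);
      return;
    }
#endif /* HAVE_LIBAUDIT */
  /* No audit connection: keep the denial visible in syslog. */
  vsyslog (LOG_INFO, fmt, ap);
  va_end(ap);
```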
@@ -313,6 +344,10 @@
 
   freecon (bus_context);
   
+#ifdef HAVE_LIBAUDIT
+  audit_init ();
+#endif /* HAVE_LIBAUDIT */
+
   return TRUE;
 #else
   return TRUE;
@@ -937,6 +972,9 @@
 #endif /* DBUS_ENABLE_VERBOSE_MODE */
 
       avc_destroy ();
+#ifdef HAVE_LIBAUDIT
+      audit_close (audit_fd);
+#endif /* HAVE_LIBAUDIT */
     }
 #endif /* HAVE_SELINUX */
 }
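Review bot: audit_fd keeps its old value after `audit_close (audit_fd);`, so if the AVC log callback can still fire after this shutdown path (not visible from this hunk) it would hand a closed, possibly reused, descriptor to libaudit. Reset it right after the close with `audit_fd = -1;`. The enclosing function starts outside the hunk.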
--- dbus-0.61/configure.in.selinux-avc-audit	2006-02-24 11:36:29.000000000 -0500
+++ dbus-0.61/configure.in	2006-02-24 14:55:17.000000000 -0500
@@ -67,6 +67,7 @@
 AC_ARG_ENABLE(mono_docs, AS_HELP_STRING([--enable-mono-docs],[build mono docs]),enable_mono_docs=$enableval,enable_mono_docs=no)
 AC_ARG_ENABLE(python, AS_HELP_STRING([--enable-python],[build python bindings]),enable_python=$enableval,enable_python=auto)
 AC_ARG_ENABLE(selinux, AS_HELP_STRING([--enable-selinux],[build with SELinux support]),enable_selinux=$enableval,enable_selinux=auto)
+AC_ARG_ENABLE(libaudit,          [  --enable-libaudit    build audit daemon support for SELinux],enable_libaudit=$enableval,enable_libaudit=auto)
 AC_ARG_ENABLE(dnotify, AS_HELP_STRING([--enable-dnotify],[build with dnotify support (linux only)]),enable_dnotify=$enableval,enable_dnotify=auto)
 
 AC_ARG_WITH(xml, AS_HELP_STRING([--with-xml=[libxml/expat]],[XML library to use]))
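Review bot: The new `AC_ARG_ENABLE(libaudit, ...)` line hand-formats its help text while every neighbouring option uses AS_HELP_STRING, so its `--help` output will be aligned differently. Write it the same way: `AC_ARG_ENABLE(libaudit, AS_HELP_STRING([--enable-libaudit],[build audit daemon support for SELinux]),enable_libaudit=$enableval,enable_libaudit=auto)`.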
@@ -851,6 +852,27 @@
    AC_DEFINE(DBUS_BUS_ENABLE_DNOTIFY_ON_LINUX,1,[Use dnotify on Linux])
 fi
 
+# libaudit detection
+if test x$enable_libaudit = xno ; then
+    have_libaudit=no;
+else
+    # See if we have audit daemon & capabilities library
+    AC_CHECK_LIB(audit, audit_log_user_avc_message, 
+                 have_libaudit=yes, have_libaudit=no)
+    if test x$have_libaudit = xyes ; then
+        AC_CHECK_LIB(cap, cap_set_proc, 
+                 have_libaudit=yes, have_libaudit=no)
+    fi
+fi
+
+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+if test x$have_libaudit = xyes ; then
+    SELINUX_LIBS="$SELINUX_LIBS -laudit"
+    LIBS="-lcap $LIBS"
+    AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
+fi
+
 #### Set up final flags
 DBUS_CLIENT_CFLAGS=
 DBUS_CLIENT_LIBS=
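Review bot: An explicit `--enable-libaudit` is treated the same as `auto` in the detection block, so when libaudit or libcap is missing configure quietly sets `have_libaudit=no` and the build ships without audit logging. For a security feature that was requested explicitly, configure should stop instead: after the two AC_CHECK_LIB calls, add an `AC_MSG_ERROR([libaudit support requested but libaudit/libcap not found])` guarded by `test x$enable_libaudit = xyes -a x$have_libaudit = xno`. Only library symbols are probed, so checking the `libaudit.h` and `sys/capability.h` headers with AC_CHECK_HEADER would catch a missing -devel package at configure time. Note also that `LIBS="-lcap $LIBS"` adds libcap to the global link line, not only to the daemon.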


Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/dbus/devel/.cvsignore,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- .cvsignore	1 Dec 2005 19:44:52 -0000	1.17
+++ .cvsignore	24 Feb 2006 20:36:51 -0000	1.18
@@ -10,3 +10,4 @@
 dbus-0.36.2.tar.gz
 dbus-0.50.tar.gz
 dbus-0.60.tar.gz
+dbus-0.61.tar.gz


Index: dbus.spec
===================================================================
RCS file: /cvs/dist/rpms/dbus/devel/dbus.spec,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- dbus.spec	11 Feb 2006 02:23:43 -0000	1.70
+++ dbus.spec	24 Feb 2006 20:36:51 -0000	1.71
@@ -18,8 +18,8 @@
 
 Summary: D-BUS message bus
 Name: dbus
-Version: 0.60
-Release: 7.2 
+Version: 0.61
+Release: 1 
 URL: http://www.freedesktop.org/software/dbus/
 Source0: %{name}-%{version}.tar.gz
 License: AFL/GPL
@@ -46,9 +46,8 @@
 Conflicts: cups < 1:1.1.20-4
 
 Patch1: dbus-0.32-selinux_chroot_workaround.patch
-Patch2: dbus-0.60-selinux-avc-audit.patch
+Patch2: dbus-0.61-selinux-avc-audit.patch
 Patch3: dbus-0.60-start-early.patch
-Patch4: dbus-python-fix-callchain.patch 
 
 %description
 
@@ -135,7 +134,6 @@
 %patch1 -p1 -b .selinux_chroot_workaround
 %patch2 -p1 -b .selinux-avc-audit
 %patch3 -p1 -b .start-early
-%patch4 -p0 -b .python-callchain
 
 autoreconf -f -i
 
@@ -144,7 +142,7 @@
 export MONO_SHARED_DIR=%{_builddir}/%{?buildsubdir}
 MONO_ARGS="--enable-mono"
 %endif
-COMMON_ARGS="--enable-glib=yes --enable-libaudit --enable-selinux=yes --disable-gtk --with-init-scripts=redhat --with-system-pid-file=%{_localstatedir}/run/messagebus.pid --with-dbus-user=%{dbus_user_uid} $MONO_ARGS"
+COMMON_ARGS="--enable-glib=yes --enable-libaudit --enable-selinux=yes --disable-gtk --disable-qt --disable-qt3 --with-init-scripts=redhat --with-system-pid-file=%{_localstatedir}/run/messagebus.pid --with-dbus-user=%{dbus_user_uid} $MONO_ARGS"
 
 if test -d %{_libdir}/qt-%{qt_basever} ; then
    export QTDIR=%{_libdir}/qt-%{qt_basever}
@@ -336,6 +334,11 @@
 %endif
 
 %changelog
+* Fri Feb 24 2006 John (J5) Palmieri <johnp at redhat.com> 0.61-1
+- Upgrade to upstream version 0.61
+- remove python callchain patch
+- update avc patch
+
 * Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 0.60-7.2
 - bump again for double-long bug on ppc(64)
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/dbus/devel/sources,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- sources	1 Dec 2005 19:44:52 -0000	1.17
+++ sources	24 Feb 2006 20:36:51 -0000	1.18
@@ -1 +1 @@
-da9561b5e579cedddc34f53427e99a93  dbus-0.60.tar.gz
+cfd4f26004e4304e0dace4d82894e50b  dbus-0.61.tar.gz


--- dbus-0.60-selinux-avc-audit.patch DELETED ---


--- dbus-python-fix-callchain.patch DELETED ---



