rpms/pam/FC-6 pam-0.99.6.2-selinux-select-context.patch, 1.2, 1.3 pam.spec, 1.136, 1.137
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Feb 22 16:48:56 UTC 2007
Author: tmraz
Update of /cvs/dist/rpms/pam/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv4089
Modified Files:
pam-0.99.6.2-selinux-select-context.patch pam.spec
Log Message:
* Thu Feb 22 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.16
- pam_selinux in some cases did not set the context (#229039)
pam-0.99.6.2-selinux-select-context.patch:
pam_selinux.8.xml | 14 ++
pam_selinux.c | 290 ++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 254 insertions(+), 50 deletions(-)
Index: pam-0.99.6.2-selinux-select-context.patch
===================================================================
RCS file: /cvs/dist/rpms/pam/FC-6/pam-0.99.6.2-selinux-select-context.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam-0.99.6.2-selinux-select-context.patch 5 Feb 2007 19:19:42 -0000 1.2
+++ pam-0.99.6.2-selinux-select-context.patch 22 Feb 2007 16:48:54 -0000 1.3
@@ -1,5 +1,5 @@
---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2006-12-27 10:59:06.000000000 -0500
-+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2006-12-27 10:59:06.000000000 -0500
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2007-02-21 20:38:10.000000000 +0100
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2007-02-21 20:38:11.000000000 +0100
@@ -33,6 +33,9 @@
<arg choice="opt">
verbose
@@ -28,8 +28,8 @@
</variablelist>
</refsect1>
---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2006-12-27 10:59:06.000000000 -0500
-+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2007-01-03 16:06:21.000000000 -0500
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2007-02-21 20:38:10.000000000 +0100
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2007-02-21 20:44:01.000000000 +0100
@@ -63,9 +63,64 @@
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
@@ -360,7 +360,7 @@
username == NULL) {
return PAM_USER_UNKNOWN;
}
-@@ -319,19 +485,38 @@
+@@ -319,19 +485,39 @@
&contextlist);
if (debug)
pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
@@ -378,6 +378,7 @@
+ pam_syslog(pamh, LOG_ERR, _("Out of memory"));
+ return PAM_AUTH_ERR;
+ }
++ user_context = default_user_context;
+ if (select_context && has_tty) {
+ user_context = config_context(pamh, default_user_context, debug);
+ if (user_context == NULL) {
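Review bot: When `config_context()` returns NULL, the assignment inside the `select_context && has_tty` branch overwrites the default that the added line `user_context = default_user_context;` has just installed, so the new fallback does not cover that path. The handling after `if (user_context == NULL)` lies outside this hunk, so it is not visible whether `default_user_context` is released before the `PAM_AUTH_ERR` return, or which context a permissive-mode login ends up with; both are worth confirming in the full function. Assigning the `config_context()` result to a temporary and replacing `user_context` only on success would keep the fallback intact and make the failure path explicit.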
@@ -404,7 +405,7 @@
if (security_getenforce() == 1)
return PAM_AUTH_ERR;
else
-@@ -340,7 +525,7 @@
+@@ -340,7 +526,7 @@
} else {
pam_syslog (pamh, LOG_ERR,
"Unable to get valid context for %s, No valid tty",
@@ -413,17 +414,18 @@
if (security_getenforce() == 1)
return PAM_AUTH_ERR;
else
-@@ -371,6 +556,9 @@
+@@ -371,6 +557,10 @@
ttyn=strdup(tty);
ttyn_context=security_label_tty(pamh,ttyn,user_context);
}
+ send_audit_message(pamh, 1, default_user_context, user_context);
-+ freecon(default_user_context);
-+
++ if (default_user_context != user_context) {
++ freecon(default_user_context);
++ }
ret = setexeccon(user_context);
if (ret==0 && verbose) {
char msg[PATH_MAX];
-@@ -381,7 +569,7 @@
+@@ -381,7 +571,7 @@
if (ret) {
pam_syslog(pamh, LOG_ERR,
"Error! Unable to set %s executable context %s.",
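Review bot: The `default_user_context != user_context` guard is the only thing stopping `setexeccon(user_context)` on the following line from reading freed memory when the two pointers alias, yet nothing here states that ownership rule. I would add a comment above it, `/* user_context may alias default_user_context; free the default only when a different context was selected */`, and set `default_user_context = NULL;` after the `freecon()` so that no stale pointer stays in scope. With that in place, the `freecon(user_context)` calls on the later error paths remain the single release of the shared string. The function continues outside this hunk, so any further use of `default_user_context` below should be checked against the same rule.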
@@ -432,7 +434,7 @@
if (security_getenforce() == 1) {
freecon(user_context);
return PAM_AUTH_ERR;
-@@ -389,7 +577,7 @@
+@@ -389,7 +579,7 @@
} else {
if (debug)
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
@@ -441,7 +443,7 @@
}
#ifdef HAVE_SETKEYCREATECON
ret = setkeycreatecon(user_context);
-@@ -402,7 +590,7 @@
+@@ -402,7 +592,7 @@
if (ret) {
pam_syslog(pamh, LOG_ERR,
"Error! Unable to set %s key creation context %s.",
@@ -450,7 +452,7 @@
if (security_getenforce() == 1) {
freecon(user_context);
return PAM_AUTH_ERR;
-@@ -410,7 +598,7 @@
+@@ -410,7 +600,7 @@
} else {
if (debug)
pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/FC-6/pam.spec,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- pam.spec 5 Feb 2007 19:19:42 -0000 1.136
+++ pam.spec 22 Feb 2007 16:48:54 -0000 1.137
@@ -11,7 +11,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.6.2
-Release: 3.15%{?dist}
+Release: 3.16%{?dist}
License: GPL or BSD
Group: System Environment/Base
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -401,6 +401,9 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Thu Feb 22 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.16
+- pam_selinux in some cases did not set the context (#229039)
+
* Mon Feb 15 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.15
- pam_namespace: unmount poly dir for override users