rpms/nss_db/devel nss_db-2.2-selinux.patch, 1.3, 1.4 nss_db.spec, 1.36, 1.37
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Nov 6 21:27:52 UTC 2007
Author: nalin
Update of /cvs/pkgs/rpms/nss_db/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7019
Modified Files:
nss_db-2.2-selinux.patch nss_db.spec
Log Message:
- when setting file contexts for creation of new files, only fail outright
if we were in enforcing mode and the file needed to be given a specific
label (#368501)
nss_db-2.2-selinux.patch:
Index: nss_db-2.2-selinux.patch
===================================================================
RCS file: /cvs/pkgs/rpms/nss_db/devel/nss_db-2.2-selinux.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- nss_db-2.2-selinux.patch 28 Feb 2005 18:25:36 -0000 1.3
+++ nss_db-2.2-selinux.patch 6 Nov 2007 21:27:48 -0000 1.4
@@ -102,7 +102,7 @@
if (status)
error (EXIT_FAILURE, 0, gettext ("cannot open output file `%s': %s"),
output_name, db_strerror (status));
-@@ -388,3 +400,44 @@
+@@ -388,3 +400,55 @@
return EXIT_SUCCESS;
}
@@ -112,7 +112,7 @@
+static void
+set_file_creation_context (const char *outname, mode_t mode)
+{
-+ static int enabled = -1;
++ static int enabled = -1, enforcing = -1;
+ security_context_t ctx;
+ /* Handle the "reset the context" case. */
+ if (outname == NULL)
@@ -129,19 +129,30 @@
+ {
+ return;
+ }
-+ /* Determine the context which the file should have. */
-+ ctx = NULL;
-+ if (matchpathcon (outname, S_IFREG | mode, &ctx) != 0)
++ /* Check if SELinux is enforcing, and remember. */
++ if (enforcing == -1)
+ {
-+ error (EXIT_FAILURE, 0,
-+ gettext ("cannot determine file context for `%s'"), outname);
++ enforcing = security_getenforce();
+ }
-+ if (ctx != NULL)
++ /* Determine the context which the file should have. */
++ ctx = NULL;
++ if ((matchpathcon (outname, S_IFREG | mode, &ctx) == 0) &&
++ (ctx != NULL))
+ {
+ if (setfscreatecon (ctx) != 0)
+ {
-+ error (EXIT_FAILURE, 0,
-+ gettext ("cannot set file creation context for `%s'"), outname);
++ if (enforcing)
++ {
++ error (EXIT_FAILURE, 0,
++ gettext ("cannot set file creation context for `%s'"),
++ outname);
++ }
++ else
++ {
++ error (0, 0,
++ gettext ("cannot set file creation context for `%s'"),
++ outname);
++ }
+ }
+ freecon (ctx);
+ }
Index: nss_db.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nss_db/devel/nss_db.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- nss_db.spec 14 Aug 2007 14:15:04 -0000 1.36
+++ nss_db.spec 6 Nov 2007 21:27:48 -0000 1.37
@@ -2,10 +2,11 @@
Summary: An NSS library for the Berkeley DB
Name: nss_db
Version: 2.2
-Release: 38
+Release: 39
Source: ftp://sources.redhat.com/pub/glibc/releases/nss_db-%{version}.tar.gz
Source1: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
Source2: db-getent-Makefile
+Source3: fail-setfscreatecon.c
URL: http://sources.redhat.com/glibc/
Patch0: nss_db-2.2-external.patch
Patch1: nss_db-2.2-automake.patch
@@ -115,6 +116,11 @@
%config(noreplace) /var/db/Makefile
%changelog
+* Tue Nov 6 2007 Nalin Dahyabhai <nalin at redhat.com> - 2.2-39
+- when setting file contexts for creation of new files, only fail outright
+ if we were in enforcing mode and the file needed to be given a specific
+ label (#368501)
+
* Tue Aug 14 2007 Nalin Dahyabhai <nalin at redhat.com> - 2.2-38
- adapt to open-is-a-macro cases
More information about the fedora-extras-commits
mailing list