rpms/util-linux-ng/devel util-linux-ng-2.14-mount-file_t.patch, 1.1, 1.2 util-linux-ng.spec, 1.27, 1.28

Karel Zak (kzak) fedora-extras-commits at redhat.com
Wed Jul 23 23:45:13 UTC 2008 

Author: kzak

Update of /cvs/pkgs/rpms/util-linux-ng/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32095

Modified Files:
	util-linux-ng-2.14-mount-file_t.patch util-linux-ng.spec 
Log Message:
* Thu Jul 24 2008 Karel Zak <kzak at redhat.com> 2.14-3
- update util-linux-ng-2.14-mount-file_t.patch to make
  the SELinux warning optional (verbose mode is required)


util-linux-ng-2.14-mount-file_t.patch:

Index: util-linux-ng-2.14-mount-file_t.patch
===================================================================
RCS file: /cvs/pkgs/rpms/util-linux-ng/devel/util-linux-ng-2.14-mount-file_t.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- util-linux-ng-2.14-mount-file_t.patch	1 Jul 2008 12:53:26 -0000	1.1
+++ util-linux-ng-2.14-mount-file_t.patch	23 Jul 2008 23:44:27 -0000	1.2
@@ -1,24 +1,7 @@
-From 4edebc1486133231e38b3881325c374eda567f74 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak at redhat.com>
-Date: Mon, 23 Jun 2008 13:00:00 +0200
-Subject: [PATCH] mount: warn on "file_t" selinux context
-
-Currently if I mount a file system without labels, it works fine, but
-later or SELinux will start printing denials and stopping certain
-applications from working. It would be nice if the mount command
-checked it in selinux mode.
-
-Addresses-Red-Hat-Bugzilla: #390691
-Signed-off-by: Karel Zak <kzak at redhat.com>
----
- mount/mount.c |   29 ++++++++++++++++++++++++++---
- 1 files changed, 26 insertions(+), 3 deletions(-)
-
-diff --git a/mount/mount.c b/mount/mount.c
-index bed792d..30688ac 100644
---- a/mount/mount.c
-+++ b/mount/mount.c
-@@ -327,7 +327,7 @@ append_context(const char *optname, char *optdata, char **extra_opts)
+diff -up util-linux-ng-2.14/mount/mount.c.kzak util-linux-ng-2.14/mount/mount.c
+--- util-linux-ng-2.14/mount/mount.c.kzak	2008-07-24 01:26:39.000000000 +0200
++++ util-linux-ng-2.14/mount/mount.c	2008-07-24 01:27:56.000000000 +0200
+@@ -332,7 +332,7 @@ append_context(const char *optname, char
  	security_context_t raw = NULL;
  	char *data = NULL;
  
@@ -27,7 +10,7 @@
  		/* ignore the option if we running without selinux */
  		return 0;
  
-@@ -338,8 +338,8 @@ append_context(const char *optname, char *optdata, char **extra_opts)
+@@ -343,8 +343,8 @@ append_context(const char *optname, char
  	data = *optdata =='"' ? strip_quotes(optdata) : optdata;
  
  	if (selinux_trans_to_raw_context(
@@ -38,13 +21,13 @@
  		return -1;
  
  	if (verbose)
-@@ -1370,6 +1370,29 @@ try_mount_one (const char *spec0, const char *node0, const char *types0,
+@@ -1397,6 +1397,27 @@ try_mount_one (const char *spec0, const 
    res = EX_FAIL;
  
   out:
 +
 +#ifdef HAVE_LIBSELINUX
-+  if (res != EX_FAIL && is_selinux_enabled() > 0) {
++  if (res != EX_FAIL && verbose && is_selinux_enabled() > 0) {
 +      security_context_t raw = NULL, def = NULL;
 +
 +      if (getfilecon(node, &raw) > 0 &&
@@ -55,10 +38,8 @@
 +                   "       You just mounted an file system that supports labels which does not\n"
 +                   "       contain labels, onto an SELinux box. It is likely that confined\n"
 +                   "       applications will generate AVC messages and not be allowed access to\n"
-+                   "       this file system.  You can add labels to this file system by executing\n"
-+                   "       restorecon(8). If you do not want to add labels to this file system,\n"
-+                   "       you should mount the file system using one of the \"context\" mount\n"
-+                   "       option."), node);
++                   "       this file system. For more details see restorecon(8) and mount(8).\n"),
++                   node);
 +      }
 +      freecon(raw);
 +      freecon(def);
@@ -68,6 +49,3 @@
    my_free(extra_opts1);
    my_free(spec1);
    my_free(node1);
--- 
-1.5.4.1
-


Index: util-linux-ng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/util-linux-ng/devel/util-linux-ng.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- util-linux-ng.spec	1 Jul 2008 12:53:26 -0000	1.27
+++ util-linux-ng.spec	23 Jul 2008 23:44:27 -0000	1.28
@@ -2,7 +2,7 @@
 Summary: A collection of basic system utilities
 Name: util-linux-ng
 Version: 2.14
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2 and GPLv2+ and BSD with advertising and Public Domain
 Group: System Environment/Base
 URL: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng
@@ -122,7 +122,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
+%patch11 -p1 -b .kzak
 
 %build
 unset LINGUAS || :
@@ -515,6 +515,10 @@
 /sbin/losetup
 
 %changelog
+* Thu Jul 24 2008 Karel Zak <kzak at redhat.com> 2.14-3
+- update util-linux-ng-2.14-mount-file_t.patch to make
+  the SELinux warning optional (verbose mode is required)
+
 * Tue Jul  1 2008 Karel Zak <kzak at redhat.com> 2.14-2
 - fix #390691 - mount should check selinux context on mount, and warn on file_t

More information about the fedora-extras-commits mailing list