rpms/pam/devel pam-0.99.10.0-namespace-level.patch, NONE, 1.1 pam-0.99.10.0-namespace-umount.patch, NONE, 1.1 pam-0.99.10.0-selinux-prev-context.patch, NONE, 1.1 pam.spec, 1.173, 1.174
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Thu Mar 20 16:50:49 UTC 2008
- Previous message (by thread): rpms/shared-mime-info/devel defaults.list, 1.18, 1.19 shared-mime-info.spec, 1.58, 1.59
- Next message (by thread): rpms/xmountains/devel xmountains.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21790
Modified Files:
pam.spec
Added Files:
pam-0.99.10.0-namespace-level.patch
pam-0.99.10.0-namespace-umount.patch
pam-0.99.10.0-selinux-prev-context.patch
Log Message:
* Thu Mar 20 2008 Tomas Mraz <tmraz at redhat.com> 0.99.10.0-4
- pam_namespace: fix problem with level polyinst (#438264)
- pam_namespace: improve override checking for umount
- pam_selinux: fix syslogging a context after free() (#438338)
pam-0.99.10.0-namespace-level.patch:
--- NEW FILE pam-0.99.10.0-namespace-level.patch ---
diff -up Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c
--- Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount 2008-02-13 14:52:13.000000000 +0100
+++ Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c 2008-03-20 15:29:11.000000000 +0100
@@ -822,10 +822,11 @@ static int poly_name(const struct polydi
*/
pm = polyptr->method;
- if (pm == LEVEL || pm == USER) {
+ if (pm == LEVEL || pm == CONTEXT)
#ifdef WITH_SELINUX
- if (!(idata->flags & PAMNS_CTXT_BASED_INST))
+ if (!(idata->flags & PAMNS_CTXT_BASED_INST)) {
#else
+ {
pam_syslog(idata->pamh, LOG_NOTICE,
"Context and level methods not available, using user method");
#endif
pam-0.99.10.0-namespace-umount.patch:
--- NEW FILE pam-0.99.10.0-namespace-umount.patch ---
diff -up Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c
--- Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c.umount 2008-02-13 14:52:13.000000000 +0100
+++ Linux-PAM-0.99.10.0/modules/pam_namespace/pam_namespace.c 2008-03-17 11:40:02.000000000 +0100
@@ -1528,8 +1528,11 @@ static int setup_namespace(struct instan
*/
for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
enum unmnt_op dir_unmnt = unmnt;
+ if (ns_override(pptr, idata, idata->ruid)) {
+ dir_unmnt = NO_UNMNT;
+ }
if (ns_override(pptr, idata, idata->uid)) {
- if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) {
+ if (dir_unmnt == NO_UNMNT) {
continue;
} else {
dir_unmnt = UNMNT_ONLY;
pam-0.99.10.0-selinux-prev-context.patch:
--- NEW FILE pam-0.99.10.0-selinux-prev-context.patch ---
diff -up Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c.prev-context Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c.prev-context 2007-06-18 12:46:48.000000000 +0200
+++ Linux-PAM-0.99.10.0/modules/pam_selinux/pam_selinux.c 2008-03-20 17:38:41.000000000 +0100
@@ -672,7 +672,7 @@ PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int i, debug = 0,status=0, open_session=0;
+ int i, debug = 0, status = PAM_SUCCESS, open_session = 0;
if (! (selinux_enabled ))
return PAM_SUCCESS;
@@ -702,19 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh,
free(ttyn);
ttyn=NULL;
}
- status=setexeccon(prev_user_context);
- freecon(prev_user_context);
- if (status) {
- pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
+ if (prev_user_context) {
+ if (setexeccon(prev_user_context)) {
+ pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
prev_user_context);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
+ if (security_getenforce() == 1)
+ status = PAM_AUTH_ERR;
+ else
+ status = PAM_SUCCESS;
+ }
+ freecon(prev_user_context);
+ prev_user_context = NULL;
}
if (debug)
pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
- return PAM_SUCCESS;
+ return status;
}
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -r1.173 -r1.174
--- pam.spec 28 Feb 2008 22:44:06 -0000 1.173
+++ pam.spec 20 Mar 2008 16:50:13 -0000 1.174
@@ -5,7 +5,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.10.0
-Release: 3%{?dist}
+Release: 4%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@@ -30,6 +30,9 @@
Patch21: pam-0.99.10.0-unix-audit-failed.patch
Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch32: pam-0.99.3.0-tally-fail-close.patch
+Patch33: pam-0.99.10.0-namespace-umount.patch
+Patch34: pam-0.99.10.0-namespace-level.patch
+Patch35: pam-0.99.10.0-selinux-prev-context.patch
%define _sbindir /sbin
%define _moduledir /%{_lib}/security
@@ -107,6 +110,9 @@
%patch21 -p1 -b .audit-failed
%patch31 -p1 -b .try-first-pass
%patch32 -p1 -b .fail-close
+%patch33 -p1 -b .umount
+%patch34 -p1 -b .level
+%patch35 -p1 -b .prev-context
autoreconf
@@ -376,6 +382,11 @@
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Thu Mar 20 2008 Tomas Mraz <tmraz at redhat.com> 0.99.10.0-4
+- pam_namespace: fix problem with level polyinst (#438264)
+- pam_namespace: improve override checking for umount
+- pam_selinux: fix syslogging a context after free() (#438338)
+
* Thu Feb 28 2008 Tomas Mraz <tmraz at redhat.com> 0.99.10.0-3
- update pam-redhat module tarball
- update internal db4
- Previous message (by thread): rpms/shared-mime-info/devel defaults.list, 1.18, 1.19 shared-mime-info.spec, 1.58, 1.59
- Next message (by thread): rpms/xmountains/devel xmountains.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list