import cronie-1.5.2-4.el8
This commit is contained in:
parent
a05826f76a
commit
c905bb52b3
41
SOURCES/cronie-1.5.2-context-role.patch
Normal file
41
SOURCES/cronie-1.5.2-context-role.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||||
|
Date: Thu, 18 Oct 2018 14:25:58 +0200
|
||||||
|
Subject: [PATCH] Use the role from the crond context for system job contexts.
|
||||||
|
|
||||||
|
New SELinux policy added multiple roles for the system_u user on crond_t.
|
||||||
|
The default context returned from get_default_context_with_level() is now
|
||||||
|
unconfined_t instead of system_cronjob_t which is incorrect for system cron
|
||||||
|
jobs.
|
||||||
|
We use the role to limit the default context to system_cronjob_t.
|
||||||
|
---
|
||||||
|
src/security.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/security.c b/src/security.c
|
||||||
|
index d1bdc7f..5213cf3 100644
|
||||||
|
--- a/src/security.c
|
||||||
|
+++ b/src/security.c
|
||||||
|
@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
|
||||||
|
retval = get_default_context_with_level(seuser, level, NULL, &scontext);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
+ const char *current_user, *current_role;
|
||||||
|
if (getcon(¤t_context_str) < 0) {
|
||||||
|
log_it(name, getpid(), "getcon FAILED", "", 0);
|
||||||
|
return (security_getenforce() > 0);
|
||||||
|
@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
|
||||||
|
return (security_getenforce() > 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
- const char *current_user = context_user_get(current_context);
|
||||||
|
- retval = get_default_context_with_level(current_user, level, NULL, &scontext);
|
||||||
|
+ current_user = context_user_get(current_context);
|
||||||
|
+ current_role = context_role_get(current_context);
|
||||||
|
+ retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
|
||||||
|
|
||||||
|
freecon(current_context_str);
|
||||||
|
context_free(current_context);
|
||||||
|
--
|
||||||
|
2.14.5
|
||||||
|
|
13
SOURCES/cronie-1.5.2-restart-on-failure.patch
Normal file
13
SOURCES/cronie-1.5.2-restart-on-failure.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
|
||||||
|
--- cronie-1.5.2/contrib/cronie.systemd 2018-11-27 15:26:46.797288342 +0100
|
||||||
|
+++ cronie-1.5.2_patched/contrib/cronie.systemd 2018-11-27 15:26:19.479159225 +0100
|
||||||
|
@@ -7,6 +7,8 @@
|
||||||
|
ExecStart=/usr/sbin/crond -n $CRONDARGS
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
KillMode=process
|
||||||
|
+Restart=on-failure
|
||||||
|
+RestartSec=30s
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
@ -6,7 +6,7 @@
|
|||||||
Summary: Cron daemon for executing programs at set times
|
Summary: Cron daemon for executing programs at set times
|
||||||
Name: cronie
|
Name: cronie
|
||||||
Version: 1.5.2
|
Version: 1.5.2
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MIT and BSD and ISC and GPLv2+
|
License: MIT and BSD and ISC and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: https://github.com/cronie-crond/cronie
|
URL: https://github.com/cronie-crond/cronie
|
||||||
@ -38,9 +38,12 @@ Requires(post): systemd
|
|||||||
|
|
||||||
# Some parts of code could result in a memory leak.
|
# Some parts of code could result in a memory leak.
|
||||||
Patch0: fix-memory-leaks.patch
|
Patch0: fix-memory-leaks.patch
|
||||||
|
|
||||||
# Some parts of code could result in undefined behavior.
|
# Some parts of code could result in undefined behavior.
|
||||||
Patch1: fix-unsafe-code.patch
|
Patch1: fix-unsafe-code.patch
|
||||||
|
# Use correct selinux role
|
||||||
|
Patch2: cronie-1.5.2-context-role.patch
|
||||||
|
# Make systemd restart crond when it fails.
|
||||||
|
Patch3: cronie-1.5.2-restart-on-failure.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Cronie contains the standard UNIX daemon crond that runs specified programs at
|
Cronie contains the standard UNIX daemon crond that runs specified programs at
|
||||||
@ -85,6 +88,8 @@ extra features.
|
|||||||
|
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -213,6 +218,14 @@ exit 0
|
|||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4
|
||||||
|
- Make crond restart on failure
|
||||||
|
- Resolves: rhbz#1715137
|
||||||
|
|
||||||
|
* Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3
|
||||||
|
- use role from the current context for system crontabs
|
||||||
|
- Resolves: rhbz#1708557
|
||||||
|
|
||||||
* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
|
* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
|
||||||
- Covscan issues review
|
- Covscan issues review
|
||||||
- Fix potential memory leaks
|
- Fix potential memory leaks
|
||||||
|
Loading…
Reference in New Issue
Block a user