- 533189 pam needs add a line and selinux needs defined one function

cronie-pam.patch

@@ -0,0 +1,8 @@
+diff -up cronie-1.4.3/pam/crond.ppp cronie-1.4.3/pam/crond
+--- cronie-1.4.3/pam/crond.ppp	2009-09-25 08:23:18.000000000 +0200
++++ cronie-1.4.3/pam/crond	2009-11-05 16:34:06.000000000 +0100
+@@ -7,3 +7,4 @@ account    required   pam_access.so
+ account    include    password-auth
+ session    required   pam_loginuid.so
+ session    include    password-auth
++auth       include    password-auth

cronie-selinux_passwd.patch

@@ -0,0 +1,44 @@
+diff -up cronie-1.4.3/src/security.c.old cronie-1.4.3/src/security.c
+--- cronie-1.4.3/src/security.c.old	2009-09-25 08:23:18.000000000 +0200
++++ cronie-1.4.3/src/security.c	2009-11-05 16:43:13.000000000 +0100
+@@ -486,9 +486,37 @@ void free_security_context(security_cont
+ 
+ int crontab_security_access(void) {
+ #ifdef WITH_SELINUX
+-	if (is_selinux_enabled() > 0)
+-		if (selinux_check_passwd_access(PASSWD__CRONTAB) != 0)
+-			return -1;
++	int selinux_check_passwd_access = -1;
++	if (is_selinux_enabled() > 0) {
++		security_context_t user_context;
++		if (getprevcon_raw(&user_context) == 0) {
++			security_class_t passwd_class;
++			struct av_decision avd;
++			int retval;
++
++			passwd_class = string_to_security_class("passwd");
++			if (passwd_class == 0) {
++				selinux_check_passwd_access = -1;
++				fprintf(stderr, "Security class \"passwd\" is not defined in the SELinux policy.\n");
++			}
++
++			retval = security_compute_av_raw(user_context,
++							user_context,
++							passwd_class,
++							PASSWD__CRONTAB,
++							&avd);
++
++			if ((retval == 0) && ((PASSWD__CRONTAB & avd.allowed) == PASSWD__CRONTAB)) {
++				selinux_check_passwd_access = 0;
++			}
++			freecon(user_context);
++		}
++
++		if (selinux_check_passwd_access != 0 && security_getenforce() == 0)
++			selinux_check_passwd_access = 0;
++
++		return selinux_check_passwd_access;
++	}
+ #endif
+ 	return 0;
+ }

cronie.spec

@@ -6,11 +6,13 @@
 Summary: Cron daemon for executing programs at set times
 Name: cronie
 Version: 1.4.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT and BSD and GPLv2
 Group: System Environment/Base
 URL: https://fedorahosted.org/cronie
 Source0: https://fedorahosted.org/releases/c/r/cronie/%{name}-%{version}.tar.gz
+Patch0: cronie-selinux_passwd.patch
+Patch1: cronie-pam.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Requires: syslog, bash >= 2.0
@@ -71,6 +73,8 @@ Old style of {hourly,daily,weekly,monthly}.jobs without anacron. No features.
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 %build
 
@@ -193,6 +197,9 @@ cp -a /var/lock/subsys/crond /var/lock/subsys/cronie > /dev/null 2>&1 ||:
 %attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
 
 %changelog
+* Thu Nov  5 2009 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.3-2
+- 533189 pam needs add a line and selinux needs defined one function
+
 * Fri Oct 30 2009 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.3-1
 - 531963 and 532482 creating noanacron package