diff --git a/dbus-1.1.2-audit-user.patch b/dbus-1.1.2-audit-user.patch new file mode 100644 index 0000000..5947293 --- /dev/null +++ b/dbus-1.1.2-audit-user.patch @@ -0,0 +1,55 @@ +diff -up dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c +--- dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c.audit-user 2007-07-24 11:39:09.000000000 -0400 ++++ dbus-1.1.2/dbus/dbus-sysdeps-util-unix.c 2007-09-14 09:00:24.000000000 -0400 +@@ -300,7 +300,7 @@ _dbus_change_to_daemon_user (const char + * run as ... doesn't really help. But keeps people happy. + */ + +- if (!we_were_root) ++ if (we_were_root) + { + cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE }; + cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID }; +@@ -376,7 +376,7 @@ _dbus_change_to_daemon_user (const char + } + + #ifdef HAVE_LIBAUDIT +- if (!we_were_root) ++ if (we_were_root) + { + if (cap_set_proc (new_caps)) + { +@@ -395,6 +395,7 @@ _dbus_change_to_daemon_user (const char + _dbus_strerror (errno)); + return FALSE; + } ++ audit_init(); + } + #endif + +diff -up dbus-1.1.2/bus/selinux.c.audit-user dbus-1.1.2/bus/selinux.c +--- dbus-1.1.2/bus/selinux.c.audit-user 2007-07-24 11:39:08.000000000 -0400 ++++ dbus-1.1.2/bus/selinux.c 2007-09-14 08:31:14.000000000 -0400 +@@ -113,7 +113,7 @@ static const struct avc_lock_callback lo + static int audit_fd = -1; + #endif + +-static void ++void + audit_init(void) + { + #ifdef HAVE_LIBAUDIT +@@ -350,12 +350,8 @@ bus_selinux_full_init (void) + + freecon (bus_context); + +- audit_init (); +- +- return TRUE; +-#else +- return TRUE; + #endif /* HAVE_SELINUX */ ++ return TRUE; + } + + /** diff --git a/dbus.spec b/dbus.spec index 1689805..1f6a95a 100644 --- a/dbus.spec +++ b/dbus.spec @@ -8,7 +8,7 @@ Summary: D-BUS message bus Name: dbus Version: 1.1.2 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://www.freedesktop.org/software/dbus/ Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz Source1: doxygen_to_devhelp.xsl @@ -37,6 +37,7 @@ Patch0: dbus-0.60-start-early.patch Patch1: dbus-1.0.1-generate-xml-docs.patch # https://bugs.freedesktop.org/show_bug.cgi?id=11491 Patch2: dbus-1.0.2-lsb.patch +Patch3: dbus-1.1.2-audit-user.patch %description @@ -79,6 +80,7 @@ in this separate package so server systems need not install X. %patch0 -p1 -b .start-early %patch1 -p1 -b .generate-xml-docs %patch2 -p1 -b .lsb +%patch3 -p1 -b .audit-user autoreconf -f -i @@ -198,6 +200,12 @@ fi %{_datadir}/devhelp/books/dbus %changelog +* Fri Sep 14 2007 Dan Walsh - 1.1.2-5%{?dist} +- Reverse we_were_root check to setpcap if we were root. Also only init +audit if we were root. So error dbus message will not show up when policy +reload happens. dbus -session will no longer try to send audit message, +only system will. + * Tue Aug 28 2007 David Zeuthen - 1.1.2-4%{?dist} - Make dbus require dbus-libs (#261721)