dbus/dbus-libcap.patch
2010-01-13 01:02:20 +00:00

203 lines
6.4 KiB
Diff

--- dbus-1.2.16.orig/bus/selinux.c 2009-11-01 09:58:22.000000000 -0500
+++ dbus-1.2.16.orig/bus/selinux.c 2009-11-01 11:30:45.000000000 -0500
@@ -1015,3 +1015,74 @@ bus_selinux_shutdown (void)
#endif /* HAVE_SELINUX */
}
+/**
+ * Changes the user and group the bus is running as.
+ *
+ * @param user the user to become
+ * @param error return location for errors
+ * @returns #FALSE on failure
+ */
+dbus_bool_t
+_dbus_change_to_daemon_user (const char *user,
+ DBusError *error)
+{
+ dbus_uid_t uid;
+ dbus_gid_t gid;
+ DBusString u;
+
+ _dbus_string_init_const (&u, user);
+
+ if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "User '%s' does not appear to exist?",
+ user);
+ return FALSE;
+ }
+
+#ifdef HAVE_LIBAUDIT
+ /* If we were root */
+ if (_dbus_geteuid () == 0)
+ {
+ int rc;
+
+ capng_clear(CAPNG_SELECT_BOTH);
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_AUDIT_WRITE);
+ rc = capng_change_id(uid, gid, 0);
+ if (rc)
+ {
+ switch (rc) {
+ default:
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Failed to drop capabilities: %s\n",
+ _dbus_strerror (errno));
+ break;
+ case -4:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "Failed to set GID to %lu: %s", gid,
+ _dbus_strerror (errno));
+ break;
+ case -5:
+ _dbus_warn ("Failed to drop supplementary groups: %s\n",
+ _dbus_strerror (errno));
+ break;
+ case -6:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "Failed to set UID to %lu: %s", uid,
+ _dbus_strerror (errno));
+ break;
+ case -7:
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "Failed to unset keep-capabilities: %s\n",
+ _dbus_strerror (errno));
+ break;
+ }
+ return FALSE;
+ }
+ }
+#endif /* HAVE_LIBAUDIT */
+
+ return TRUE;
+}
+
--- dbus-1.2.16.orig/bus/selinux.h 2009-11-01 09:58:22.000000000 -0500
+++ dbus-1.2.16.orig/bus/selinux.h 2009-11-01 11:33:15.000000000 -0500
@@ -68,5 +68,7 @@ BusSELinuxID* bus_selinux_init_connectio
void bus_selinux_audit_init(void);
+dbus_bool_t _dbus_change_to_daemon_user (const char *user,
+ DBusError *error);
#endif /* BUS_SELINUX_H */
--- dbus-1.2.16.orig/configure.in 2009-11-01 09:58:22.000000000 -0500
+++ dbus-1.2.16.orig/configure.in 2009-11-01 11:30:45.000000000 -0500
@@ -852,8 +852,7 @@ fi
AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
if test x$have_libaudit = xyes ; then
- SELINUX_LIBS="$SELINUX_LIBS -laudit"
- LIBS="-lcap-ng $LIBS"
+ SELINUX_LIBS="$SELINUX_LIBS -laudit -lcap-ng"
AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
fi
--- dbus-1.2.16.orig/dbus/dbus-sysdeps.h 2009-11-01 09:58:22.000000000 -0500
+++ dbus-1.2.16.orig/dbus/dbus-sysdeps.h 2009-11-01 11:33:08.000000000 -0500
@@ -418,8 +418,6 @@ dbus_bool_t _dbus_become_daemon (const
dbus_bool_t keep_umask);
dbus_bool_t _dbus_verify_daemon_user (const char *user);
-dbus_bool_t _dbus_change_to_daemon_user (const char *user,
- DBusError *error);
dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
DBusPipe *print_pid_pipe,
--- dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-11-01 09:58:22.000000000 -0500
+++ dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-11-01 11:30:45.000000000 -0500
@@ -45,10 +45,6 @@
#include <sys/un.h>
#include <syslog.h>
#include <syslog.h>
-#ifdef HAVE_LIBAUDIT
-#include <cap-ng.h>
-#include <libaudit.h>
-#endif /* HAVE_LIBAUDIT */
#ifdef HAVE_SYS_SYSLIMITS_H
#include <sys/syslimits.h>
@@ -308,77 +304,6 @@ _dbus_verify_daemon_user (const char *us
return _dbus_get_user_id_and_primary_group (&u, NULL, NULL);
}
-/**
- * Changes the user and group the bus is running as.
- *
- * @param user the user to become
- * @param error return location for errors
- * @returns #FALSE on failure
- */
-dbus_bool_t
-_dbus_change_to_daemon_user (const char *user,
- DBusError *error)
-{
- dbus_uid_t uid;
- dbus_gid_t gid;
- DBusString u;
-
- _dbus_string_init_const (&u, user);
-
- if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
- {
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "User '%s' does not appear to exist?",
- user);
- return FALSE;
- }
-
-#ifdef HAVE_LIBAUDIT
- /* If we were root */
- if (_dbus_geteuid () == 0)
- {
- int rc;
-
- capng_clear(CAPNG_SELECT_BOTH);
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_AUDIT_WRITE);
- rc = capng_change_id(uid, gid, 0);
- if (rc)
- {
- switch (rc) {
- default:
- dbus_set_error (error, DBUS_ERROR_FAILED,
- "Failed to drop capabilities: %s\n",
- _dbus_strerror (errno));
- break;
- case -4:
- dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set GID to %lu: %s", gid,
- _dbus_strerror (errno));
- break;
- case -5:
- _dbus_warn ("Failed to drop supplementary groups: %s\n",
- _dbus_strerror (errno));
- break;
- case -6:
- dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set UID to %lu: %s", uid,
- _dbus_strerror (errno));
- break;
- case -7:
- dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to unset keep-capabilities: %s\n",
- _dbus_strerror (errno));
- break;
- }
- return FALSE;
- }
- }
-#endif /* HAVE_LIBAUDIT */
-
- return TRUE;
-}
-
void
_dbus_init_system_log (void)
{