- Set close-on-exec on dhclient.leases for SELinux (#446632)

2008-05-17 00:18:13 +00:00 · 2008-05-17 00:18:13 +00:00 · ea7085d2ef
commit ea7085d2ef
parent 0e27ee4924
3 changed files with 58 additions and 14 deletions
--- a/dhcp-3.0.5-selinux.patch
+++ b/dhcp-3.0.5-selinux.patch
@ -1,11 +0,0 @@
--- dhcp-3.0.5/client/dhclient.c.selinux	2007-03-30 16:11:54.000000000 -0400
-+++ dhcp-3.0.5/client/dhclient.c	2007-03-30 16:12:27.000000000 -0400
-@@ -3009,6 +3009,8 @@
- 			wstatus = 0;
- 		}
- 	} else {
-+		if (leaseFile)
-+			fclose(leaseFile);
- 		execve (scriptName, argv, envp);
- 		log_error ("execve (%s, ...): %m", scriptName);
- 		exit (0);
--- a/dhcp-4.0.0-selinux.patch
+++ b/dhcp-4.0.0-selinux.patch
@ -0,0 +1,48 @@
+diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c
+--- dhcp-4.0.0//client/dhclient.c.selinux	2008-05-16 13:42:18.000000000 -1000
+++ dhcp-4.0.0//client/dhclient.c	2008-05-16 13:57:54.000000000 -1000
+@@ -2908,6 +2908,11 @@ void rewrite_client_leases ()
+ 		return;
+ 	}
+ 
+	if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+		log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+		return;
+	}
+
+ 	/* If there is a default duid, write it out. */
+ 	if (default_duid.len != 0)
+ 		write_duid(&default_duid);
+@@ -3011,6 +3016,10 @@ write_duid(struct data_string *duid)
+ 			log_error("can't create %s: %m", path_dhclient_db);
+ 			return ISC_R_IOERROR;
+ 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
+ 	}
+ 
+ 	/* It would make more sense to write this as a hex string,
+@@ -3058,6 +3067,10 @@ write_client6_lease(struct client_state 
+ 			log_error("can't create %s: %m", path_dhclient_db);
+ 			return ISC_R_IOERROR;
+ 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
+ 	}
+ 
+ 	stat = fprintf(leaseFile, "lease6 {\n");
+@@ -3161,6 +3174,10 @@ int write_client_lease (client, lease, r
+ 			log_error ("can't create %s: %m", path_dhclient_db);
+ 			return 0;
+ 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
+ 	}
+ 
+ 	errno = 0;
--- a/dhcp.spec
+++ b/dhcp.spec
@ -4,7 +4,7 @@
 Summary:  DHCP (Dynamic Host Configuration Protocol) server and relay agent
 Name:     dhcp
 Version:  4.0.0
-Release:  14%{?dist}
+Release:  15%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@ -43,7 +43,8 @@ Patch13:  %{name}-4.0.0-dhclient-anycast.patch
 Patch14:  %{name}-4.0.0-manpages.patch
 Patch15:  %{name}-4.0.0-paths.patch
 Patch16:  %{name}-4.0.0-NetworkManager-crash.patch
-Patch17:  %{name}-4.0.0-libdhcp4client.patch
+Patch17:  %{name}-4.0.0-selinux.patch
+Patch18:  %{name}-4.0.0-libdhcp4client.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@ -187,9 +188,12 @@ client library.
 # Avoid crash when dhclient is run with NetworkManager
 %patch16 -p1

-# Add the libdhcp4client target (library version of dhclient)
+# Set close-on-exec for dhclient.leases for SELinux (#446632)
 %patch17 -p1

+# Add the libdhcp4client target (library version of dhclient)
+%patch18 -p1
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0644 %{SOURCE5} .
 %{__install} -p -m 0644 %{SOURCE6} doc/
@ -418,6 +422,9 @@ fi
 %{_libdir}/libdhcp4client.so

 %changelog
+* Fri May 16 2008 David Cantrell <dcantrell@redhat.com> - 12:4.0.0-15
+- Set close-on-exec on dhclient.leases for SELinux (#446632)
+
 * Tue Apr 01 2008 David Cantrell <dcantrell@redhat.com> - 12:4.0.0-14
 - Avoid dhclient crash when run via NetworkManager (#439796)