94 lines
2.4 KiB
Diff
94 lines
2.4 KiB
Diff
diff -up ./src/daemon/fapolicyd.c.librpm-workaround ./src/daemon/fapolicyd.c
|
|
--- ./src/daemon/fapolicyd.c.librpm-workaround 2023-07-10 11:19:19.507044648 +0200
|
|
+++ ./src/daemon/fapolicyd.c 2023-07-10 11:19:19.509044621 +0200
|
|
@@ -572,7 +572,7 @@ int main(int argc, const char *argv[])
|
|
capng_clear(CAPNG_SELECT_BOTH);
|
|
capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
|
|
CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_PTRACE,
|
|
- CAP_SYS_NICE, CAP_SYS_RESOURCE, CAP_AUDIT_WRITE, -1);
|
|
+ CAP_SYS_NICE, CAP_SYS_RESOURCE, CAP_AUDIT_WRITE, CAP_CHOWN, -1);
|
|
if (capng_change_id(config.uid, config.gid,
|
|
CAPNG_DROP_SUPP_GRP)) {
|
|
msg(LOG_ERR, "Cannot change to uid %d", config.uid);
|
|
diff -up ./src/library/rpm-backend.c.librpm-workaround ./src/library/rpm-backend.c
|
|
--- ./src/library/rpm-backend.c.librpm-workaround 2023-06-15 16:45:14.000000000 +0200
|
|
+++ ./src/library/rpm-backend.c 2023-07-10 11:22:07.066794595 +0200
|
|
@@ -32,7 +32,12 @@
|
|
#include <rpm/rpmdb.h>
|
|
#include <rpm/rpmpgp.h>
|
|
#include <fnmatch.h>
|
|
+#include <glob.h>
|
|
+#include <pwd.h>
|
|
+#include <grp.h>
|
|
+#include <fcntl.h>
|
|
|
|
+#include <unistd.h>
|
|
#include <uthash.h>
|
|
|
|
#include "message.h"
|
|
@@ -59,6 +64,50 @@ backend rpm_backend =
|
|
static rpmts ts = NULL;
|
|
static rpmdbMatchIterator mi = NULL;
|
|
|
|
+static void fix_files(void)
|
|
+{
|
|
+ glob_t glob_result;
|
|
+ const char *pattern = "/var/lib/rpm/__*";
|
|
+
|
|
+ struct passwd * usr = getpwnam("fapolicyd");
|
|
+ if (usr == NULL) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ struct group * grp = getgrnam("fapolicyd");
|
|
+ if (grp == NULL) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ int return_value = glob(pattern, 0, NULL, &glob_result);
|
|
+ if (return_value != 0) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ for (int i = 0; i < glob_result.gl_pathc; ++i) {
|
|
+
|
|
+ int fd = open(glob_result.gl_pathv[i], O_NOFOLLOW);
|
|
+
|
|
+ if (fd == -1)
|
|
+ continue;
|
|
+
|
|
+ struct stat file_stat;
|
|
+ if (fstat(fd, &file_stat) != 0) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ if (file_stat.st_uid == usr->pw_uid &&
|
|
+ file_stat.st_gid == grp->gr_gid) {
|
|
+
|
|
+ fchown(fd, 0, 0);
|
|
+ }
|
|
+
|
|
+ close(fd);
|
|
+ }
|
|
+
|
|
+ globfree(&glob_result);
|
|
+}
|
|
+
|
|
static int init_rpm(void)
|
|
{
|
|
return rpmReadConfigFiles ((const char *)NULL, (const char *)NULL);
|
|
@@ -201,8 +250,13 @@ static int rpm_load_list(const conf_t *c
|
|
return rc;
|
|
}
|
|
|
|
+ int fixed = 0;
|
|
// Loop across the rpm database
|
|
while (get_next_package_rpm()) {
|
|
+ if (!fixed) {
|
|
+ fixed = 1;
|
|
+ fix_files();
|
|
+ }
|
|
// Loop across the packages
|
|
while (get_next_file_rpm()) {
|
|
// We do not want directories or symlinks in the
|