- fixes #662720 - Providing native systemd file

- freeing memory when capabilities are dropped
2010-12-15 16:27:40 +01:00 · 2010-12-15 16:27:40 +01:00 · 3b540d0346
commit 3b540d0346
parent e1736c3c95
3 changed files with 52 additions and 17 deletions
--- a/iputils-20101006-drop_caps.patch
+++ b/iputils-20101006-drop_caps.patch
@ -1,6 +1,6 @@
 diff -up iputils-s20101006/Makefile.drop_caps iputils-s20101006/Makefile
--- iputils-s20101006/Makefile.drop_caps	2010-11-08 09:31:42.000000000 +0100
-+++ iputils-s20101006/Makefile	2010-11-08 09:34:26.858580455 +0100
+--- iputils-s20101006/Makefile.drop_caps	2010-11-08 14:49:53.334577997 +0100
+++ iputils-s20101006/Makefile	2010-11-08 14:49:53.342599113 +0100
@@ -13,7 +13,7 @@ ADDLIB=
 CC=gcc
 # What a pity, all new gccs are buggy and -Werror does not work. Sigh.
@ -24,8 +24,8 @@ diff -up iputils-s20101006/Makefile.drop_caps iputils-s20101006/Makefile
 ping.o ping6.o ping_common.o: ping_common.h in6_flowlabel.h
 tftpd.o tftpsubs.o: tftp.h
 diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
--- iputils-s20101006/ping6.c.drop_caps	2010-11-08 09:31:42.120827826 +0100
-+++ iputils-s20101006/ping6.c	2010-11-08 09:31:42.125837869 +0100
+--- iputils-s20101006/ping6.c.drop_caps	2010-11-08 14:49:53.338587611 +0100
+++ iputils-s20101006/ping6.c	2010-12-15 16:06:16.949794002 +0100
@@ -73,6 +73,10 @@ char copyright[] =
 #include <netinet/icmp6.h>
 #include <resolv.h>
@ -37,7 +37,7 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
 #include "ping6_niquery.h"
 #include "in6_flowlabel.h"
 
-@@ -533,10 +537,22 @@ int main(int argc, char *argv[])
+@@ -533,6 +537,9 @@ int main(int argc, char *argv[])
 	int csum_offset, sz_opt;
 #endif
 	static uint32_t scope_id = 0;
@ -47,6 +47,9 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
 
 	icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
 	socket_errno = errno;
+@@ -543,6 +550,16 @@ int main(int argc, char *argv[])
+ 		exit(-1);
+ 	}
 
 +#ifdef HAVE_CAPABILITIES
 +	/* drop all capabilities unconditionally so even root isn't special anymore */
@ -55,14 +58,15 @@ diff -up iputils-s20101006/ping6.c.drop_caps iputils-s20101006/ping6.c
 +		perror("ping: cap_set_proc");
 +		exit(-1);
 +	}
+	cap_free(caps);
 +#endif
 +
- 	uid = getuid();
- 	if (setuid(uid)) {
- 		perror("ping: setuid");
+ 	source.sin6_family = AF_INET6;
+ 	memset(&firsthop, 0, sizeof(firsthop));
+ 	firsthop.sin6_family = AF_INET6;
 diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
--- iputils-s20101006/ping.c.drop_caps	2010-11-08 09:31:42.096854873 +0100
-+++ iputils-s20101006/ping.c	2010-11-08 09:31:42.127870437 +0100
+--- iputils-s20101006/ping.c.drop_caps	2010-11-08 14:49:53.314577272 +0100
+++ iputils-s20101006/ping.c	2010-12-15 16:05:52.113794002 +0100
@@ -66,6 +66,10 @@ char copyright[] =
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
@ -84,9 +88,9 @@ diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
 
 	char *idn;
 	int rc = 0;
-@@ -133,6 +140,15 @@ main(int argc, char **argv)
- 	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
- 	socket_errno = errno;
+@@ -139,6 +146,16 @@ main(int argc, char **argv)
+ 		exit(-1);
+ 	}
 
 +#ifdef HAVE_CAPABILITIES
 +	/* drop all capabilities unconditionally so even root isn't special anymore */
@ -95,8 +99,9 @@ diff -up iputils-s20101006/ping.c.drop_caps iputils-s20101006/ping.c
 +		perror("ping: cap_set_proc");
 +		exit(-1);
 +	}
+	cap_free(caps);
 +#endif
 +
- 	uid = getuid();
- 	if (setuid(uid)) {
- 		perror("ping: setuid");
+ 	source.sin_family = AF_INET;
+ 
+ 	preload = 1;
--- a/iputils.spec
+++ b/iputils.spec
@ -1,7 +1,7 @@
 Summary: Network monitoring tools including ping
 Name: iputils
 Version: 20101006
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD
 URL: http://www.skbuff.net/iputils
 Group: System Environment/Daemons
@ -9,6 +9,7 @@ Group: System Environment/Daemons
 Source0: http://www.skbuff.net/iputils/%{name}-s%{version}.tar.bz2
 Source1: ifenslave.tar.gz
 Source3: rdisc.initd
+Source4: rdisc.service

 Patch0: iputils-20020927-rh.patch
 Patch1: iputils-20020124-countermeasures.patch
@ -33,9 +34,12 @@ BuildRequires: libidn-devel
 BuildRequires: openssl-devel
 BuildRequires: libcap-devel
 Requires(post): /sbin/chkconfig
+Requires(post): systemd-units
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
+Requires(preun): systemd-units
 Requires(postun): /sbin/service
+Requires(postun): systemd-units

 %description
 The iputils package contains basic utilities for monitoring a network,
@ -79,6 +83,8 @@ rm -rf ${RPM_BUILD_ROOT}

 mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
 mkdir -p ${RPM_BUILD_ROOT}/{bin,sbin}
+mkdir -p $RPM_BUILD_ROOT/lib/systemd/system
+
 install -c clockdiff		${RPM_BUILD_ROOT}%{_sbindir}/
 install -cp arping		${RPM_BUILD_ROOT}/sbin/
 ln -s /sbin/arping		${RPM_BUILD_ROOT}%{_sbindir}/arping
@ -106,6 +112,7 @@ ln -s tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz

 install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
 install -m 755 -p %SOURCE3 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/rdisc
+install -m 644 %SOURCE4 ${RPM_BUILD_ROOT}/lib/systemd/system

 iconv -f ISO88591 -t UTF8 RELNOTES -o RELNOTES.tmp
 touch -r RELNOTES RELNOTES.tmp
@ -113,19 +120,26 @@ mv -f RELNOTES.tmp RELNOTES

 %post
 /sbin/chkconfig --add rdisc
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :

 %preun
 if [ $1 = 0 ]; then
 	service rdisc stop >/dev/null 2>&1
 	/sbin/chkconfig --del rdisc
+
+	/bin/systemctl disable rdisc.service > /dev/null 2>&1 || :
+	/bin/systemctl stop rdisc.service > /dev/null 2>&1 || :
 fi 

 %postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
 if [ "$1" -ge "1" ]; then
 	service rdisc status 2>&1 > /dev/null
 	if [ $? -eq 0 ]; then
 		service rdisc restart >/dev/null 2>&1 || :
 	fi
+	/bin/systemctl try-restart rdisc.service >/dev/null 2>&1 || :
 fi


@ -135,6 +149,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %files
 %defattr(-,root,root,-)
 %doc RELNOTES README.bonding
+/lib/systemd/system/rdisc.service
 %{_sbindir}/clockdiff
 /sbin/arping
 %{_sbindir}/arping
@ -151,6 +166,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sysconfdir}/rc.d/init.d/rdisc

 %changelog
+* Wed Dec 15 2010 Jiri Skala <jskala@redhat.com> - 20101006-4
+- fixes #662720 - Providing native systemd file
+- freeing memory when capabilities are dropped
+
 * Mon Nov 08 2010 Jiri Skala <jskala@redhat.com> - 20101006-3
 - applied patch dropping capabilities of Ludwig Nussel
 - fixes building ping, pinpg6 with -pie option
--- a/rdisc.service
+++ b/rdisc.service
@ -0,0 +1,11 @@
+[Unit]
+Description=rdisc daemon which discovers routers on the local subnet
+After=syslog.target network.target
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/sysconfig/rdisc
+ExecStart=/sbin/rdisc $RDISCOPTS
+
+[Install]
+WantedBy=multi-user.target