rpms/krb5
6
0
Fork 0
Code Issues Pull Requests Releases Activity

back out the recent labeling change, per dwalsh

Browse Source 
- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
This commit is contained in:
Nalin Dahyabhai 2012-06-05 16:24:15 -04:00
parent 6e8c2c396c
commit 16a5c7affc
2 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
krb5-1.10.2-selinux-label.patch
View File

@ -465,7 +465,7 @@ which we used earlier, is some improvement.
--- krb5/src/util/support/selinux.c --- krb5/src/util/support/selinux.c
+++ krb5/src/util/support/selinux.c +++ krb5/src/util/support/selinux.c
@@ -0,0 +1,379 @@ @@ -0,0 +1,373 @@
+/* +/*
+ * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc. All Rights Reserved. + * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc. All Rights Reserved.
+ * + *
@ -540,7 +540,7 @@ which we used earlier, is some improvement.
+{ +{
+ security_context_t previous, configuredsc, currentsc, derivedsc; + security_context_t previous, configuredsc, currentsc, derivedsc;
+ context_t current, derived; + context_t current, derived;
+ const char *fullpath, *currentuser, *currentrange; + const char *fullpath, *currentuser;
+#ifdef HAVE_SELINUX_LABEL_H +#ifdef HAVE_SELINUX_LABEL_H
+ struct selabel_handle *ctx; + struct selabel_handle *ctx;
+#endif +#endif
@ -624,16 +624,10 @@ which we used earlier, is some improvement.
+ if (currentuser != NULL) { + if (currentuser != NULL) {
+ if (context_user_set(derived, + if (context_user_set(derived,
+ currentuser) == 0) { + currentuser) == 0) {
+ currentrange = context_range_get(current); + derivedsc = context_str(derived);
+ if (currentrange != NULL) { + if (derivedsc != NULL) {
+ if (context_range_set(derived, + freecon(configuredsc);
+ currentrange) == 0) { + configuredsc = strdup(derivedsc);
+ derivedsc = context_str(derived);
+ if (derivedsc != NULL) {
+ freecon(configuredsc);
+ configuredsc = strdup(derivedsc);
+ }
+ }
+ } + }
+ } + }
+ } + }

7
krb5.spec
View File

@ -20,7 +20,7 @@
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.10.2 Version: 1.10.2
Release: 1%{?dist} Release: 2%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.2-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -753,6 +753,11 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue Jun 5 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-2
- back out this labeling change (dwalsh):
- when building the new label for a file we're about to create, also mix
in the current range, in addition to the current user
* Fri Jun 1 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-1 * Fri Jun 1 2012 Nalin Dahyabhai <nalin@redhat.com> 1.10.2-1
- update to 1.10.2 - update to 1.10.2
- when building the new label for a file we're about to create, also mix - when building the new label for a file we're about to create, also mix