Label DIR: ccache directories when we create them
- don't forget to set the SELinux label when creating the directory for a DIR: ccache
This commit is contained in:
parent
11a4bca1fa
commit
559c78a30a
@ -897,6 +897,32 @@ which we used earlier, is some improvement.
|
|||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
#ifdef HAVE_CHMOD
|
#ifdef HAVE_CHMOD
|
||||||
|
@@ -223,10 +232,23 @@
|
||||||
|
verify_dir(krb5_context context, const char *dirname)
|
||||||
|
{
|
||||||
|
struct stat st;
|
||||||
|
+ int status;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (stat(dirname, &st) < 0) {
|
||||||
|
- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
|
||||||
|
- return 0;
|
||||||
|
+ if (errno == ENOENT) {
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(dirname);
|
||||||
|
+#endif
|
||||||
|
+ status = mkdir(dirname, S_IRWXU);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
+ if (status == 0)
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
krb5_set_error_message(context, KRB5_FCC_NOFILE,
|
||||||
|
_("Credential cache directory %s does not "
|
||||||
|
"exist"), dirname);
|
||||||
--- krb5/src/lib/krb5/os/trace.c
|
--- krb5/src/lib/krb5/os/trace.c
|
||||||
+++ krb5/src/lib/krb5/os/trace.c
|
+++ krb5/src/lib/krb5/os/trace.c
|
||||||
@@ -401,7 +401,7 @@ krb5_set_trace_filename(krb5_context con
|
@@ -401,7 +401,7 @@ krb5_set_trace_filename(krb5_context con
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.11.2
|
Version: 1.11.2
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -837,6 +837,10 @@ exit 0
|
|||||||
%{_sbindir}/uuserver
|
%{_sbindir}/uuserver
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-9
|
||||||
|
- don't forget to set the SELinux label when creating the directory for
|
||||||
|
a DIR: ccache
|
||||||
|
|
||||||
* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-8
|
* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-8
|
||||||
- pull in patches from master to not test GSSRPC-over-UDP and to not
|
- pull in patches from master to not test GSSRPC-over-UDP and to not
|
||||||
depend on the portmapper, which are areas where our build systems
|
depend on the portmapper, which are areas where our build systems
|
||||||
|
Loading…
Reference in New Issue
Block a user