Add a hackish attempt at a workaround for #961235

Add a patch to create /run/user/0 if we're trying to resolve a
DIR: ccache somewhere below it and neither the target location
nor /run/user/0 exist yet.
The better workaround is to set the location's owner to "linger"
via logind, since even after we do what we're doing here, if
the user logs in and logs back out, our location is still removed.
This commit is contained in:
Nalin Dahyabhai 2013-05-30 12:26:42 -04:00
parent 559c78a30a
commit dc293b3d84
2 changed files with 40 additions and 0 deletions

View File

@ -0,0 +1,34 @@
A hack: if we're looking at creating a ccache directory directly below
the /run/user/0 directory, and /run/user/0 doesn't exist, try to create
it, too.
--- krb5/src/lib/krb5/ccache/cc_dir.c
+++ krb5/src/lib/krb5/ccache/cc_dir.c
@@ -61,6 +61,8 @@
#include <dirent.h>
+#define ROOT_SPECIAL_DCC_PARENT "/run/user/0"
+
extern const krb5_cc_ops krb5_dcc_ops;
extern const krb5_cc_ops krb5_fcc_ops;
@@ -239,6 +241,18 @@
if (stat(dirname, &st) < 0) {
if (errno == ENOENT) {
+ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/",
+ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 &&
+ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 &&
+ errno == ENOENT) {
+#ifdef USE_SELINUX
+ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT);
+#endif
+ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU);
+#ifdef USE_SELINUX
+ krb5int_pop_fscreatecon(selabel);
+#endif
+ }
#ifdef USE_SELINUX
selabel = krb5int_push_fscreatecon_for(dirname);
#endif

View File

@ -85,6 +85,7 @@ Patch125: krb5-1.11.2-skew1.patch
Patch126: krb5-1.11.2-skew2.patch
Patch127: krb5-master-test_gss_no_udp.patch
Patch128: krb5-master-test_no_pmap.patch
Patch129: krb5-1.11-run_user_0.patch
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
@ -312,6 +313,7 @@ ln -s NOTICE LICENSE
%patch126 -p1 -b .skew2
%patch127 -p1 -b .test_gss_no_udp
%patch128 -p1 -b .test_no_pmap
%patch129 -p1 -b .run_user_0
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@ -840,6 +842,10 @@ exit 0
* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-9
- don't forget to set the SELinux label when creating the directory for
a DIR: ccache
- special-case /run/user/0, attempting to create it when resolving a
directory cache below it fails due to ENOENT and we find that it doesn't
already exist, either, before attempting to create the directory cache
(maybe helping, maybe just making things more confusing for #961235)
* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-8
- pull in patches from master to not test GSSRPC-over-UDP and to not