- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list

2010-07-27 17:50:51 +00:00 · 2010-07-27 17:50:51 +00:00 · 159f7d2174
commit 159f7d2174
parent 9eca71ac71
2 changed files with 43 additions and 2 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -153,6 +153,44 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
 	va_start(ap, fmt);
 	rc = vfprintf(stderr, fmt, ap);
 	va_end(ap);
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c
+--- nsalibselinux/src/get_context_list.c	2010-05-19 14:45:51.000000000 -0400
+++ libselinux-2.0.96/src/get_context_list.c	2010-07-27 13:09:08.000000000 -0400
+@@ -286,7 +286,6 @@
+ 	if (buf[plen - 1] == '\n')
+ 		buf[plen - 1] = 0;
+ 
+-      retry:
+ 	nlen = strlen(user) + 1 + plen + 1;
+ 	*newcon = malloc(nlen);
+ 	if (!(*newcon))
+@@ -306,10 +305,6 @@
+ 	if (security_check_context(*newcon) && errno != ENOENT) {
+ 		free(*newcon);
+ 		*newcon = 0;
+-		if (strcmp(user, SELINUX_DEFAULTUSER)) {
+-			user = SELINUX_DEFAULTUSER;
+-			goto retry;
+-		}
+ 		return -1;
+ 	}
+ 
+@@ -418,13 +413,8 @@
+ 
+ 	/* Determine the set of reachable contexts for the user. */
+ 	rc = security_compute_user(fromcon, user, &reachable);
+-	if (rc < 0) {
+-		/* Retry with the default SELinux user identity. */
+-		user = SELINUX_DEFAULTUSER;
+-		rc = security_compute_user(fromcon, user, &reachable);
+-		if (rc < 0)
+-			goto failsafe;
+-	}
+	if (rc < 0)
+		goto failsafe;
+ 	nreach = 0;
+ 	for (ptr = reachable; *ptr; ptr++)
+ 		nreach++;
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
 --- nsalibselinux/src/Makefile	2010-05-19 14:45:51.000000000 -0400
 +++ libselinux-2.0.96/src/Makefile	2010-06-16 09:20:39.000000000 -0400
@ -211,7 +249,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.9
 install-rubywrap: rubywrap
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c	2010-05-19 14:45:51.000000000 -0400
-+++ libselinux-2.0.96/src/matchpathcon.c	2010-06-16 09:20:34.000000000 -0400
+++ libselinux-2.0.96/src/matchpathcon.c	2010-07-26 14:55:18.000000000 -0400
@@ -2,6 +2,7 @@
 #include <string.h>
 #include <errno.h>
--- a/libselinux.spec
+++ b/libselinux.spec
@ -7,7 +7,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.96
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
@ -230,6 +230,9 @@ exit 0
 %{ruby_sitearch}/selinux.so

 %changelog
+* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-4
+- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
+
 * Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.96-3
 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild