- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
This commit is contained in:
parent
9eca71ac71
commit
159f7d2174
@ -153,6 +153,44 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
|
|||||||
va_start(ap, fmt);
|
va_start(ap, fmt);
|
||||||
rc = vfprintf(stderr, fmt, ap);
|
rc = vfprintf(stderr, fmt, ap);
|
||||||
va_end(ap);
|
va_end(ap);
|
||||||
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/get_context_list.c libselinux-2.0.96/src/get_context_list.c
|
||||||
|
--- nsalibselinux/src/get_context_list.c 2010-05-19 14:45:51.000000000 -0400
|
||||||
|
+++ libselinux-2.0.96/src/get_context_list.c 2010-07-27 13:09:08.000000000 -0400
|
||||||
|
@@ -286,7 +286,6 @@
|
||||||
|
if (buf[plen - 1] == '\n')
|
||||||
|
buf[plen - 1] = 0;
|
||||||
|
|
||||||
|
- retry:
|
||||||
|
nlen = strlen(user) + 1 + plen + 1;
|
||||||
|
*newcon = malloc(nlen);
|
||||||
|
if (!(*newcon))
|
||||||
|
@@ -306,10 +305,6 @@
|
||||||
|
if (security_check_context(*newcon) && errno != ENOENT) {
|
||||||
|
free(*newcon);
|
||||||
|
*newcon = 0;
|
||||||
|
- if (strcmp(user, SELINUX_DEFAULTUSER)) {
|
||||||
|
- user = SELINUX_DEFAULTUSER;
|
||||||
|
- goto retry;
|
||||||
|
- }
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -418,13 +413,8 @@
|
||||||
|
|
||||||
|
/* Determine the set of reachable contexts for the user. */
|
||||||
|
rc = security_compute_user(fromcon, user, &reachable);
|
||||||
|
- if (rc < 0) {
|
||||||
|
- /* Retry with the default SELinux user identity. */
|
||||||
|
- user = SELINUX_DEFAULTUSER;
|
||||||
|
- rc = security_compute_user(fromcon, user, &reachable);
|
||||||
|
- if (rc < 0)
|
||||||
|
- goto failsafe;
|
||||||
|
- }
|
||||||
|
+ if (rc < 0)
|
||||||
|
+ goto failsafe;
|
||||||
|
nreach = 0;
|
||||||
|
for (ptr = reachable; *ptr; ptr++)
|
||||||
|
nreach++;
|
||||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.96/src/Makefile
|
||||||
--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
|
--- nsalibselinux/src/Makefile 2010-05-19 14:45:51.000000000 -0400
|
||||||
+++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
|
+++ libselinux-2.0.96/src/Makefile 2010-06-16 09:20:39.000000000 -0400
|
||||||
@ -211,7 +249,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.9
|
|||||||
install-rubywrap: rubywrap
|
install-rubywrap: rubywrap
|
||||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.96/src/matchpathcon.c
|
||||||
--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
|
--- nsalibselinux/src/matchpathcon.c 2010-05-19 14:45:51.000000000 -0400
|
||||||
+++ libselinux-2.0.96/src/matchpathcon.c 2010-06-16 09:20:34.000000000 -0400
|
+++ libselinux-2.0.96/src/matchpathcon.c 2010-07-26 14:55:18.000000000 -0400
|
||||||
@@ -2,6 +2,7 @@
|
@@ -2,6 +2,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux library and simple utilities
|
Summary: SELinux library and simple utilities
|
||||||
Name: libselinux
|
Name: libselinux
|
||||||
Version: 2.0.96
|
Version: 2.0.96
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
|
Source: http://www.nsa.gov/research/selinux/%{name}-%{version}.tgz
|
||||||
@ -230,6 +230,9 @@ exit 0
|
|||||||
%{ruby_sitearch}/selinux.so
|
%{ruby_sitearch}/selinux.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-4
|
||||||
|
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
|
||||||
|
|
||||||
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.96-3
|
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.96-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user