libselinux-2.8-7

- selinux_restorecon: Skip customized files also without -v - Do not dereference symlink with statfs in selinux_restorecon
2019-01-21 17:29:28 +01:00 · 2019-01-21 17:29:28 +01:00 · f4f1a7cf6d
commit f4f1a7cf6d
parent c48dc77a94
2 changed files with 26 additions and 3 deletions
--- a/libselinux-fedora.patch
+++ b/libselinux-fedora.patch
@ -373,7 +373,7 @@ index 292728f..b06cb63 100644
 	for (i = 0; i < NEL; i++)
 diff --git libselinux-2.8/src/selinux_restorecon.c libselinux-2.8/src/selinux_restorecon.c
-index ced4115..8714a70 100644
+index ced4115..1e9a978 100644
 --- libselinux-2.8/src/selinux_restorecon.c
 +++ libselinux-2.8/src/selinux_restorecon.c
@@ -350,12 +350,19 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
@ -398,6 +398,16 @@ index ced4115..8714a70 100644
 	new_entry->result = digest_result;
@@ -671,8 +678,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
 				selinux_log(SELINUX_INFO,
 				 "%s not reset as customized by admin to %s\n",
 							    pathname, curcon);
 -				goto out;
 			}
 +			goto out;
 		}
 		if (!flags->set_specctx && curcon) {
@@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig,
 	if (lstat(pathname, &sb) < 0) {
@ -406,6 +416,15 @@ index ced4115..8714a70 100644
 			free(pathdnamer);
 			free(pathname);
 			return 0;
@@ -880,7 +888,7 @@ int selinux_restorecon(const char *pathname_orig,
 		setrestoreconlast = false;
 	/* Ignore restoreconlast on in-memory filesystems */
 -	if (statfs(pathname, &sfsb) == 0) {
 +	if (setrestoreconlast && statfs(pathname, &sfsb) == 0) {
 		if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC)
 			setrestoreconlast = false;
 	}
 diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c
 index d05969c..3f0200e 100644
 --- libselinux-2.8/src/setfilecon.c
--- a/libselinux.spec
+++ b/libselinux.spec
@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.8
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: Public Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz
@ -14,7 +14,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux
-# HEAD https://github.com/fedora-selinux/selinux/commit/decd49caec76a87817686f84716503151cf2be5d
+# HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247
 Patch1: libselinux-fedora.patch
 BuildRequires: gcc
 BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -229,6 +229,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 %changelog
 * Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
 - selinux_restorecon: Skip customized files also without -v
 - Do not dereference symlink with statfs in selinux_restorecon
 * Mon Jan 21 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.8-6
 - F-30: rebuild against ruby26