0b7304dd79
- Update to upstream release 2017-08-04 - Use 'sefcontext_compile -r' when it's run during SELinux policy build
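diff --git libsemanage-2.7/src/direct_api.c libsemanage-2.7/src/direct_api.c
index 65842df..ed11a7c 100644
--- libsemanage-2.7/src/direct_api.c
+++ libsemanage-2.7/src/direct_api.c
@@ -148,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
 if (semanage_create_store(sh, 1))
 goto err;
 
- if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
- goto err;
-
 sh->u.direct.translock_file_fd = -1;
 sh->u.direct.activelock_file_fd = -1;
 
@@ -373,10 +370,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
 
 static int semanage_direct_begintrans(semanage_handle_t * sh)
 {
-
- if (semanage_access_check(sh) != SEMANAGE_CAN_WRITE) {
- return -1;
- }
 if (semanage_get_trans_lock(sh) < 0) {
 return -1;
 }
@@ -1545,33 +1538,27 @@ rebuild:
 }
 
 path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
 }
 
 path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
 }
 
 path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
+ sh->conf->file_mode);
+ if (retval < 0 && errno != ENOENT) {
+ goto cleanup;
 }
 
 /* run genhomedircon if its enabled, this should be the last operation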
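Review bot: The three new `if (retval < 0 && errno != ENOENT)` checks in the `rebuild:` hunk depend on errno still holding the original failure reason when semanage_copy_file() returns, and that function's body is not part of this diff; if its error path logs or cleans up after the failing call, errno may be overwritten and a real copy failure could be mistaken for an absent optional file, or the reverse. ENOENT also does not say which path was missing, so a missing destination directory under SEMANAGE_FINAL_TMP would presumably be tolerated the same way as an absent source, leaving the final store without its file_contexts or seusers data. I would confirm that semanage_copy_file() saves and restores errno around its cleanup and add a comment at each site such as `/* ENOENT: optional source file absent; any other error is fatal */`. retval also stays negative on the tolerated path, so the code after the hunk (not visible here) has to reassign it before reaching `cleanup`.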
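diff --git libsemanage-2.7/src/semanage_store.c libsemanage-2.7/src/semanage_store.c
index 6158d08..d2d7e3e 100644
--- libsemanage-2.7/src/semanage_store.c
+++ libsemanage-2.7/src/semanage_store.c
@@ -537,7 +537,6 @@ char *semanage_conf_path(void)
 int semanage_create_store(semanage_handle_t * sh, int create)
 {
 struct stat sb;
- int mode_mask = R_OK | W_OK | X_OK;
 const char *path = semanage_files[SEMANAGE_ROOT];
 int fd;
 
@@ -556,9 +555,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
 return -1;
 }
 } else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
 ERR(sh,
- "Could not access module store at %s, or it is not a directory.",
+ "Module store at %s is not a directory.",
 path);
 return -1;
 }
@@ -579,9 +578,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
 return -1;
 }
 } else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
 ERR(sh,
- "Could not access module store active subdirectory at %s, or it is not a directory.",
+ "Module store active subdirectory at %s is not a directory.",
 path);
 return -1;
 }
@@ -602,9 +601,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
 return -1;
 }
 } else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
 ERR(sh,
- "Could not access module store active modules subdirectory at %s, or it is not a directory.",
+ "Module store active modules subdirectory at %s is not a directory.",
 path);
 return -1;
 }
@@ -623,8 +622,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
 return -1;
 }
 } else {
- if (!S_ISREG(sb.st_mode) || access(path, R_OK | W_OK) == -1) {
- ERR(sh, "Could not access lock file at %s.", path);
+ if (!S_ISREG(sb.st_mode)) {
+ ERR(sh, "Lock file at %s missing.", path);
 return -1;
 }
 }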
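Review bot: The new lock-file message in the last hunk, `ERR(sh, "Lock file at %s missing.", path);`, is emitted when `!S_ISREG(sb.st_mode)`, which on this `else` branch appears to mean the path exists but is not a regular file, so "missing" misdirects whoever reads the log; `ERR(sh, "Lock file at %s is not a regular file.", path);` would match the three "is not a directory" messages in the earlier hunks. With the access() calls removed, permission problems on the store are no longer reported at this point and will only surface when the store or lock file is actually opened, so those later error paths should name the path and the errno. semanage_create_store's body, including the stat() calls that fill `sb`, lies outside these hunks.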