Written-by: Tomas Smetana <tsmetana@redhat.com>
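diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
--- logrotate-3.7.6/logrotate.c.selinux 2008-01-09 09:37:16.000000000 +0100
+++ logrotate-3.7.6/logrotate.c 2008-01-09 09:39:05.000000000 +0100
@@ -899,6 +899,9 @@ int rotateSingleLog(logInfo * log, int l
 int hasErrors = 0;
 struct stat sb;
 int fd;
+#ifdef WITH_SELINUX
+ security_context_t savedContext;
+#endif
 
 if (!state->doRotate)
 return 0;
@@ -906,7 +909,51 @@ int rotateSingleLog(logInfo * log, int l
 if (!hasErrors) {
 
 if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ security_context_t oldContext;
+ int fdcurr = -1;
+
+ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ log->files[logNum],
+ strerror(errno));
+ return 1;
+ }
+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+ if (getfscreatecon_raw(&savedContext) < 0) {
+ message(MESS_ERROR,
+ "getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ if (setfscreatecon_raw(oldContext) < 0) {
+ message(MESS_ERROR,
+ "setting file context %s to %s: %s\n",
+ log->files[logNum], oldContext, strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ message(MESS_DEBUG, "fscreate context set to %s\n",
+ oldContext);
+ freecon(oldContext);
+ } else {
+ if (errno != ENOTSUP) {
+ message(MESS_ERROR, "getting file context %s: %s\n",
+ log->files[logNum], strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
+ }
+ }
+#endif
+ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
 rotNames->finalName);
 
 if (!debug && !hasErrors &&
@@ -961,6 +1008,15 @@ int rotateSingleLog(logInfo * log, int l
 close(fd);
 }
 }
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ setfscreatecon_raw(savedContext);
+ if (prev_context != NULL) {
+ freecon(prev_context);
+ prev_context = NULL;
+ }
+ }
+#endif
 
 if (!hasErrors
 && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))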
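Review bot: `savedContext` is declared without an initialiser in the first hunk and is assigned only when `fgetfilecon_raw()` and then `getfscreatecon_raw()` both succeed inside the non-copy branch, yet the third hunk passes it to `setfscreatecon_raw(savedContext)` whenever `selinux_enabled` is set. On the copy/copytruncate path, on `ENOTSUP`, or after a failure that is tolerated because `selinux_enforce` is false, libselinux receives an indeterminate pointer. Declaring it as `security_context_t savedContext = NULL;` makes the restore fall back to the default creation context. The restore's return value should also be checked and followed by `freecon(savedContext);`, since the hunk frees `prev_context` instead, which is not declared in the visible lines and is presumably a file-scope variable. Separately, `fdcurr` in the second hunk goes out of scope at the end of the `if (selinux_enabled)` block without a `close(fdcurr);` on any path, so each rotated log leaks a descriptor, and `O_RDONLY` would be sufficient for reading the label; the body of rotateSingleLog extends outside all three hunks.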