logrotate/logrotate-3.7.6-selinux.patch


Written-by: Tomas Smetana <tsmetana@redhat.com>
diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
--- logrotate-3.7.6/logrotate.c.selinux 2008-01-09 09:37:16.000000000 +0100
+++ logrotate-3.7.6/logrotate.c 2008-01-09 09:39:05.000000000 +0100
@@ -899,6 +899,9 @@ int rotateSingleLog(logInfo * log, int l
int hasErrors = 0;
struct stat sb;
int fd;
+#ifdef WITH_SELINUX
+ security_context_t savedContext;
+#endif
if (!state->doRotate)
return 0;
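Review bot: `savedContext` is declared without an initializer, yet the last hunk of this patch passes it to `setfscreatecon_raw()` whenever `selinux_enabled` is set. It is only assigned by `getfscreatecon_raw()` in the second hunk, and that call is skipped when the log uses `LOG_FLAG_COPY`/`LOG_FLAG_COPYTRUNCATE`, when `hasErrors` is already set, or when `fgetfilecon_raw()` fails. On those paths the restore reads an indeterminate pointer. Declaring it as `security_context_t savedContext = NULL;` makes the restore well defined, since a NULL argument resets the fscreate context to the policy default. The rest of `rotateSingleLog` lies outside this hunk.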
@@ -906,7 +909,51 @@ int rotateSingleLog(logInfo * log, int l
if (!hasErrors) {
if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ security_context_t oldContext;
+ int fdcurr = -1;
+
+ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ log->files[logNum],
+ strerror(errno));
+ return 1;
+ }
+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+ if (getfscreatecon_raw(&savedContext) < 0) {
+ message(MESS_ERROR,
+ "getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ if (setfscreatecon_raw(oldContext) < 0) {
+ message(MESS_ERROR,
+ "setting file context %s to %s: %s\n",
+ log->files[logNum], oldContext, strerror(errno));
+ if (selinux_enforce) {
+ freecon(oldContext);
+ return 1;
+ }
+ }
+ message(MESS_DEBUG, "fscreate context set to %s\n",
+ oldContext);
+ freecon(oldContext);
+ } else {
+ if (errno != ENOTSUP) {
+ message(MESS_ERROR, "getting file context %s: %s\n",
+ log->files[logNum], strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
+ }
+ }
+#endif
+ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
rotNames->finalName);
if (!debug && !hasErrors &&
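Review bot: The descriptor `fdcurr` opened at the top of the added block is never closed, neither on the three `return 1` paths nor when the block ends normally, so each rotated log leaks one descriptor. It is only needed for the `fgetfilecon_raw()` lookup, so it can be closed right after that call, with `errno` preserved for the `ENOTSUP` test in the else branch. The visible code only reads the label, so `O_RDONLY` looks sufficient in place of `O_RDWR`; confirm nothing outside the hunk relies on write access. The enclosing function starts and ends outside this hunk.

```c
int getconRc;
int getconErrno;

/* … unchanged: open() of log->files[logNum] and its error return … */
getconRc = fgetfilecon_raw(fdcurr, &oldContext);
getconErrno = errno;
close(fdcurr);        /* only needed for the label lookup */
errno = getconErrno;  /* the else branch below tests errno */
if (getconRc >= 0) {
    /* … unchanged: getfscreatecon_raw / setfscreatecon_raw handling … */
```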
@@ -961,6 +1008,15 @@ int rotateSingleLog(logInfo * log, int l
close(fd);
}
}
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ setfscreatecon_raw(savedContext);
+ if (prev_context != NULL) {
+ freecon(prev_context);
+ prev_context = NULL;
+ }
+ }
+#endif
if (!hasErrors
&& log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))
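Review bot: The result of `setfscreatecon_raw(savedContext)` is discarded, so a failed restore goes unreported and files created later in the run would presumably still be labelled with the rotated log's context. The string returned by `getfscreatecon_raw()` is also never released with `freecon()` in any visible hunk. I would check the call, e.g. `if (setfscreatecon_raw(savedContext) < 0) message(MESS_ERROR, "restoring fscreate context: %s\n", strerror(errno));`, and free `savedContext` afterwards. The free is only safe once the variable is guaranteed to hold either NULL or a value from `getfscreatecon_raw()`. `prev_context` is not declared in any hunk shown here, so confirm it exists in the patched file under `WITH_SELINUX`.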