- fix #427274 - logrotate fails to preserve SELinux file contexts

- fix #427661 - SELinux stops vsftpd from working correctly

logrotate-3.7.6-selinux.patch

@@ -0,0 +1,84 @@
+Written-by: Tomas Smetana <tsmetana@redhat.com>
+
+diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
+--- logrotate-3.7.6/logrotate.c.selinux	2008-01-09 09:37:16.000000000 +0100
++++ logrotate-3.7.6/logrotate.c	2008-01-09 09:39:05.000000000 +0100
+@@ -899,6 +899,9 @@ int rotateSingleLog(logInfo * log, int l
+     int hasErrors = 0;
+     struct stat sb;
+     int fd;
++#ifdef WITH_SELINUX
++	security_context_t savedContext;
++#endif
+ 
+     if (!state->doRotate)
+ 	return 0;
+@@ -906,7 +909,51 @@ int rotateSingleLog(logInfo * log, int l
+     if (!hasErrors) {
+ 
+ 	if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
+-	    message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
++#ifdef WITH_SELINUX
++		if (selinux_enabled) {
++			security_context_t oldContext;
++			int fdcurr = -1;
++
++			if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
++				message(MESS_ERROR, "error opening %s: %s\n",
++						log->files[logNum],
++					strerror(errno));
++				return 1;
++			}
++			if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
++				if (getfscreatecon_raw(&savedContext) < 0) {
++					message(MESS_ERROR,
++						"getting default context: %s\n",
++						strerror(errno));
++					if (selinux_enforce) {
++						freecon(oldContext);
++						return 1;
++					}
++				}
++				if (setfscreatecon_raw(oldContext) < 0) {
++					message(MESS_ERROR,
++						"setting file context %s to %s: %s\n",
++						log->files[logNum], oldContext, strerror(errno));
++					if (selinux_enforce) {
++					freecon(oldContext);
++					return 1;
++					}
++				}
++				message(MESS_DEBUG, "fscreate context set to %s\n",
++						oldContext);
++				freecon(oldContext);
++			} else {
++				if (errno != ENOTSUP) {
++					message(MESS_ERROR, "getting file context %s: %s\n",
++						log->files[logNum], strerror(errno));
++					if (selinux_enforce) {
++						return 1;
++					}
++				}
++			}
++		}
++#endif
++		message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+ 		    rotNames->finalName);
+ 
+ 	    if (!debug && !hasErrors &&
+@@ -961,6 +1008,15 @@ int rotateSingleLog(logInfo * log, int l
+                     close(fd);
+ 	    }
+ 	}
++#ifdef WITH_SELINUX
++	if (selinux_enabled) {
++	    setfscreatecon_raw(savedContext);
++	    if (prev_context != NULL) {
++			freecon(prev_context);
++			prev_context = NULL;
++	    }
++	}
++#endif
+ 
+ 	if (!hasErrors
+ 	    && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))

logrotate.spec

@@ -1,7 +1,7 @@
 Summary: Rotates, compresses, removes and mails system log files
 Name: logrotate
 Version: 3.7.6
-Release: 1.3%{?dist}
+Release: 2%{?dist}
 License: GPL+
 Group: System Environment/Base
 # The source for this package was pulled from cvs.
@@ -12,6 +12,7 @@ Group: System Environment/Base
 #  cd logrotate
 #  make create-archive
 Source: logrotate-%{version}.tar.gz
+Patch1: logrotate-3.7.6-selinux.patch
 Requires: coreutils >= 5.92 libsepol libselinux popt
 BuildRequires: libselinux-devel popt-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,6 +30,7 @@ log files on your system.
 
 %prep
 %setup -q
+%patch1 -p1 -b .selinux
 
 %build
 make %{?_smp_mflags} RPM_OPT_FLAGS="$RPM_OPT_FLAGS" WITH_SELINUX=yes
@@ -58,6 +60,10 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status
 
 %changelog
+* Wed Jan 09 2008 Tomas Smetana <tsmetana@redhat.com> 3.7.6-2
+- fix #427274 - logrotate fails to preserve SELinux file contexts
+- fix #427661 - SELinux stops vsftpd from working correctly
+
 * Thu Sep 27 2007 Tomas Smetana <tsmetana@redhat.com> 3.7.6-1.3
 - popt-devel dependency was still missing