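diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
--- logrotate-3.7.6/logrotate.c.selinux 2007-08-07 09:14:35.000000000 +0200
+++ logrotate-3.7.6/logrotate.c 2008-01-21 09:32:56.000000000 +0100
@@ -409,15 +409,17 @@ static int copyTruncate(char *currLog, c
 }
 #ifdef WITH_SELINUX
 if (selinux_enabled) {
- security_context_t oldContext;
+ security_context_t oldContext = NULL;
 if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
 if (getfscreatecon_raw(&prev_context) < 0) {
 message(MESS_ERROR,
 "getting default context: %s\n",
 strerror(errno));
 if (selinux_enforce) {
- freecon(oldContext);
- return 1;
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
+ return 1;
 }
 }
 if (setfscreatecon_raw(oldContext) < 0) {
@@ -425,11 +427,15 @@ static int copyTruncate(char *currLog, c
 "setting file context %s to %s: %s\n",
 saveLog, oldContext, strerror(errno));
 if (selinux_enforce) {
- freecon(oldContext);
- return 1;
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
+ return 1;
 }
 }
- freecon(oldContext);
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
 } else {
 if (errno != ENOTSUP) {
 message(MESS_ERROR, "getting file context %s: %s\n",
@@ -899,6 +905,9 @@ int rotateSingleLog(logInfo * log, int l
 int hasErrors = 0;
 struct stat sb;
 int fd;
+#ifdef WITH_SELINUX
+ security_context_t savedContext = NULL;
+#endif
 
 if (!state->doRotate)
 return 0;
@@ -906,7 +915,57 @@ int rotateSingleLog(logInfo * log, int l
 if (!hasErrors) {
 
 if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ security_context_t oldContext = NULL;
+ int fdcurr = -1;
+
+ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ log->files[logNum],
+ strerror(errno));
+ return 1;
+ }
+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+ if (getfscreatecon_raw(&savedContext) < 0) {
+ message(MESS_ERROR,
+ "getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
+ return 1;
+ }
+ }
+ if (setfscreatecon_raw(oldContext) < 0) {
+ message(MESS_ERROR,
+ "setting file context %s to %s: %s\n",
+ log->files[logNum], oldContext, strerror(errno));
+ if (selinux_enforce) {
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
+ return 1;
+ }
+ }
+ message(MESS_DEBUG, "fscreate context set to %s\n",
+ oldContext);
+ if (oldContext != NULL) {
+ freecon(oldContext);
+ }
+ } else {
+ if (errno != ENOTSUP) {
+ message(MESS_ERROR, "getting file context %s: %s\n",
+ log->files[logNum], strerror(errno));
+ if (selinux_enforce) {
+ return 1;
+ }
+ }
+ }
+ }
+#endif
+ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
 rotNames->finalName);
 
 if (!debug && !hasErrors &&
@@ -961,6 +1020,15 @@ int rotateSingleLog(logInfo * log, int l
 close(fd);
 }
 }
+#ifdef WITH_SELINUX
+ if (selinux_enabled) {
+ setfscreatecon_raw(savedContext);
+ if (savedContext != NULL) {
+ freecon(savedContext);
+ savedContext = NULL;
+ }
+ }
+#endif
 
 if (!hasErrors
 && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))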
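Review bot: The descriptor from `open(log->files[logNum], O_RDWR)` in the new SELinux block of rotateSingleLog is never closed in the visible lines, neither before the `return 1` paths nor after the `fgetfilecon_raw` if/else, so each rotated log appears to leak one fd; add `close(fdcurr);` on those paths. The descriptor is only used to read the label, so `O_RDONLY` would suffice and avoids holding a write-capable handle on the log. In the last hunk the result of `setfscreatecon_raw(savedContext)` is ignored, so if the restore fails, files created later would silently inherit the previous log's context; check it, e.g. `if (setfscreatecon_raw(savedContext) < 0) message(MESS_ERROR, "restoring fscreate context: %s\n", strerror(errno));`. The enforcing-mode `return 1` after a failed `setfscreatecon_raw(oldContext)` also skips that restore block and leaves `savedContext` unfreed. rotateSingleLog starts and ends outside the hunks shown, so a close or cleanup further down cannot be ruled out from here.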