- do not preserve contexts when copying skel and other namespace.init fixes
(#298941) - do not free memory sent to putenv (#231698)
This commit is contained in:
Tomáš Mráz
parent
790525d4ab
commit
36d9a1c73d
@ -1,29 +1,47 @@
|
|||||||
diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init
|
diff -up Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init
|
||||||
--- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir 2007-08-24 10:40:46.000000000 +0200
|
--- Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init.homedir 2007-09-19 19:37:26.000000000 +0200
|
||||||
+++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-08-24 15:33:52.000000000 +0200
|
+++ Linux-PAM-0.99.8.1/modules/pam_namespace/namespace.init 2007-09-21 14:13:52.000000000 +0200
|
||||||
@@ -1,9 +1,24 @@
|
@@ -1,26 +1,24 @@
|
||||||
#!/bin/sh -p
|
#!/bin/sh -p
|
||||||
-# This is only a boilerplate for the instance initialization script.
|
-# This is only a boilerplate for the instance initialization script.
|
||||||
# It receives polydir path as $1, the instance path as $2,
|
# It receives polydir path as $1, the instance path as $2,
|
||||||
# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
|
# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
|
||||||
# and user name in $4.
|
# and user name in $4.
|
||||||
#
|
#
|
||||||
|
-# If you intend to polyinstantiate /tmp and you also want to use the X windows
|
||||||
|
-# environment, you will have to use this script to bind mount the socket that
|
||||||
|
-# is used by the X server to communicate with its clients. X server places
|
||||||
|
-# this socket in /tmp/.X11-unix directory, which will get obscured by
|
||||||
|
-# polyinstantiation. Uncommenting the following lines will bind mount
|
||||||
|
-# the relevant directory at an alternative location (/.tmp/.X11-unix) such
|
||||||
|
-# that the X server, window manager and X clients, can still find the
|
||||||
|
-# socket X0 at the polyinstanted /tmp/.X11-unix.
|
||||||
|
-#
|
||||||
|
-#if [ $1 = /tmp ]; then
|
||||||
|
-# if [ ! -f /.tmp/.X11-unix ]; then
|
||||||
|
-# mkdir -p /.tmp/.X11-unix
|
||||||
|
-# fi
|
||||||
|
-# mount --bind /tmp/.X11-unix /.tmp/.X11-unix
|
||||||
|
-# cp -fp -- /tmp/.X0-lock "$2/.X0-lock"
|
||||||
|
-# mkdir -- "$2/.X11-unix"
|
||||||
|
-# ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0"
|
||||||
|
-#fi
|
||||||
+# The following section will copy the contents of /etc/skel if this is a
|
+# The following section will copy the contents of /etc/skel if this is a
|
||||||
+# newly created home directory.
|
+# newly created home directory.
|
||||||
+if [ "$3" = 1 ]; then
|
+if [ "$3" = 1 ]; then
|
||||||
|
+ # This line will fix the labeling on all newly created directories
|
||||||
|
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$1"
|
||||||
+ user="$4"
|
+ user="$4"
|
||||||
+ passwd=$(getent passwd "$user")
|
+ passwd=$(getent passwd "$user")
|
||||||
+ homedir=$(echo "$passwd" | cut -f6 -d":")
|
+ homedir=$(echo "$passwd" | cut -f6 -d":")
|
||||||
+ if [ "$1" = "$homedir" ]; then
|
+ if [ "$1" = "$homedir" ]; then
|
||||||
+ gid=$(echo "$passwd" | cut -f4 -d":")
|
+ gid=$(echo "$passwd" | cut -f4 -d":")
|
||||||
+ cp -aT /etc/skel "$homedir"
|
+ cp -rT /etc/skel "$homedir"
|
||||||
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
|
|
||||||
+ chown -R "$user":"$gid" "$homedir"
|
+ chown -R "$user":"$gid" "$homedir"
|
||||||
+ mode=$(awk '/^UMASK/{gsub("#.*$", "", $2); printf "%o", and(0777,compl(strtonum("0" $2))); exit}' /etc/login.defs)
|
+ mode=$(awk '/^UMASK/{gsub("#.*$", "", $2); printf "%o", and(0777,compl(strtonum("0" $2))); exit}' /etc/login.defs)
|
||||||
+ chmod ${mode:-700} "$homedir"
|
+ chmod ${mode:-700} "$homedir"
|
||||||
|
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
|
||||||
+ fi
|
+ fi
|
||||||
+fi
|
+fi
|
||||||
+#
|
|
||||||
# If you intend to polyinstantiate /tmp and you also want to use the X windows
|
exit 0
|
||||||
# environment, you will have to use this script to bind mount the socket that
|
|
||||||
# is used by the X server to communicate with its clients. X server places
|
|
||||||
|
|||||||
11
pam-0.99.8.1-xauth-no-free.patch
Normal file
11
pam-0.99.8.1-xauth-no-free.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c
|
||||||
|
--- Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c.no-free 2007-09-21 16:02:06.000000000 +0200
|
||||||
|
+++ Linux-PAM-0.99.8.1/modules/pam_xauth/pam_xauth.c 2007-09-21 16:02:47.000000000 +0200
|
||||||
|
@@ -573,6 +573,7 @@ pam_sm_open_session (pam_handle_t *pamh,
|
||||||
|
"can't set environment variable '%s'",
|
||||||
|
xauthority);
|
||||||
|
putenv (xauthority); /* The environment owns this string now. */
|
||||||
|
+ xauthority = NULL;
|
||||||
|
|
||||||
|
/* set $DISPLAY in pam handle to make su - work */
|
||||||
|
{
|
||||||
9
pam.spec
9
pam.spec
@ -11,7 +11,7 @@
|
|||||||
Summary: A security tool which provides authentication for applications
|
Summary: A security tool which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 0.99.8.1
|
Version: 0.99.8.1
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||||
# pam_rhosts_auth module is BSD with advertising
|
# pam_rhosts_auth module is BSD with advertising
|
||||||
@ -43,6 +43,7 @@ Patch43: pam-0.99.8.1-console-mfd-scanners.patch
|
|||||||
Patch44: pam-0.99.7.1-namespace-homedir.patch
|
Patch44: pam-0.99.7.1-namespace-homedir.patch
|
||||||
Patch45: pam-0.99.8.1-selinux-permit.patch
|
Patch45: pam-0.99.8.1-selinux-permit.patch
|
||||||
Patch46: pam-0.99.8.1-succif-in-operator.patch
|
Patch46: pam-0.99.8.1-succif-in-operator.patch
|
||||||
|
Patch47: pam-0.99.8.1-xauth-no-free.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
Requires: cracklib, cracklib-dicts >= 2.8
|
Requires: cracklib, cracklib-dicts >= 2.8
|
||||||
@ -111,6 +112,7 @@ cp %{SOURCE7} .
|
|||||||
%patch44 -p1 -b .homedir
|
%patch44 -p1 -b .homedir
|
||||||
%patch45 -p1 -b .permit
|
%patch45 -p1 -b .permit
|
||||||
%patch46 -p1 -b .in-operator
|
%patch46 -p1 -b .in-operator
|
||||||
|
%patch47 -p1 -b .no-free
|
||||||
|
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
@ -403,6 +405,11 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 21 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-9
|
||||||
|
- do not preserve contexts when copying skel and other namespace.init
|
||||||
|
fixes (#298941)
|
||||||
|
- do not free memory sent to putenv (#231698)
|
||||||
|
|
||||||
* Wed Sep 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-8
|
* Wed Sep 19 2007 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-8
|
||||||
- add pam_selinux_permit module
|
- add pam_selinux_permit module
|
||||||
- pam_succeed_if: fix in operator (#295151)
|
- pam_succeed_if: fix in operator (#295151)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user