From 2392ca148334b046663382e91327dc56f438aa24 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Fri, 28 Oct 2011 16:47:40 -0400
Subject: [PATCH] A couple of minor coverity fixes for a potential leaked file descriptor An an unchecked return code. Add ~/.local/share/* to restorecond_user watches
---
 policycoreutils-rhat.patch | 63 +++++++++++++++++++++++---------------
 policycoreutils.spec | 7 ++++-
 2 files changed, 44 insertions(+), 26 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 8b4bd09..db02944 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -221,7 +221,7 @@ index 4952632..89f5d97 100644
 -#define EVENT_SIZE (sizeof (struct inotify_event))
 -/* reasonable guess as to size of 1024 events */
 -#define BUF_LEN (1024 * (EVENT_SIZE + 16))
- 
+-
 -static int debug_mode = 0;
 -static int verbose_mode = 0;
 -
@@ -248,11 +248,7 @@ index 4952632..89f5d97 100644
 - return 0;
 - return (strcmp(rest_a, rest_b) == 0);
 -}
-+static char *server_watch_file = "/etc/selinux/restorecond.conf";
-+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-+static struct restore_opts r_opts;
- 
+-
 -/*
 - A file was in a direcroty has been created. This function checks to
 - see if it is one that we are watching.
@@ -428,9 +424,13 @@ index 4952632..89f5d97 100644
 - FILE *cfg = NULL;
 - if (debug_mode)
 - printf("Read Config\n");
--
+ 
 - watch_list_free(fd);
--
++static char *server_watch_file = "/etc/selinux/restorecond.conf";
++static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
++static struct restore_opts r_opts;
+ 
 - cfg = fopen(watch_file_path, "r");
 - if (!cfg)
 - exitApp("Error reading config file.");
@@ -479,22 +479,22 @@ index 4952632..89f5d97 100644 - if (event->len) - watch_list_find(event->wd, event->name); - break; -- ++#include + - case 1: /* utmp has changed need to reload */ - read_config(fd); - break; -+#include ++int debug_mode = 0; ++int terminate = 0; ++int master_wd = -1; ++int run_as_user = 0; - default: /* No users logged in or out */ - break; - } - } - } -+int debug_mode = 0; -+int terminate = 0; -+int master_wd = -1; -+int run_as_user = 0; - +- - i += EVENT_SIZE + event->len; - } - return 0; @@ -773,10 +773,10 @@ index b966db6..775c52b 100644 - diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf new file mode 100644 -index 0000000..e0c2871 +index 0000000..b4debed --- /dev/null +++ b/policycoreutils/restorecond/restorecond_user.conf -@@ -0,0 +1,7 @@ +@@ -0,0 +1,8 @@ +~/* +~/public_html/* +~/.gnome2/* @@ -784,6 +784,7 @@ index 0000000..e0c2871 +~/.fonts/* +~/.cache/* +~/.config/* ++~/.local/share/* diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c new file mode 100644 index 0000000..4257058 @@ -1362,6 +1363,18 @@ index 4764987..924999d 100644 -mkdir -p $(SBINDIR) install -m 4755 seunshare $(SBINDIR)/ -mkdir -p $(SHAREDIR) +diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init +index d1ccdc2..11c391c 100644 +--- a/policycoreutils/sandbox/sandbox.init ++++ b/policycoreutils/sandbox/sandbox.init +@@ -19,6 +19,7 @@ + # + + # Source function library. ++. /etc/init.d/functions + + LOCKFILE=/var/lock/subsys/sandbox + diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c index a52b6f1..c493e98 100644 --- a/policycoreutils/sandbox/seunshare.c @@ -1468,10 +1481,10 @@ index 0000000..e15a877 + rm -rf build *~ 
diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c new file mode 100644 -index 0000000..2ba4870 +index 0000000..023b8f4 --- /dev/null +++ b/policycoreutils/semanage/default_encoding/default_encoding.c -@@ -0,0 +1,59 @@ +@@ -0,0 +1,57 @@ +/* + * Authors: + * John Dennis @@ -1526,10 +1539,8 @@ index 0000000..2ba4870 +PyMODINIT_FUNC +initdefault_encoding_utf8(void) +{ -+ PyObject* m; -+ + PyUnicode_SetDefaultEncoding("utf-8"); -+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8"); ++ Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8"); +} diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py new file mode 100644 @@ -1949,7 +1960,7 @@ index f84cd7e..3565f5e 100644 indent: ../../scripts/Lindent $(wildcard *.[ch]) diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index ce44c04..f08f8e5 100644 +index ce44c04..373c9b9 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c @@ -1,5 +1,6 @@ @@ -1982,12 +1993,14 @@ index ce44c04..f08f8e5 100644 if (!r_opts->hnd) { perror(r_opts->selabel_opt_path); exit(1); -@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent) +@@ -103,9 +104,8 @@ static int match(const char *name, struct stat *sb, char **con) + static int restore(FTSENT *ftsent) { char *my_file = strdupa(ftsent->fts_path); - int ret; +- int ret; - char *context, *newcon; - int user_only_changed = 0; ++ int ret = -1; + security_context_t curcon = NULL, newcon = NULL; if (match(my_file, ftsent->fts_statp, &newcon) < 0) diff --git a/policycoreutils.spec b/policycoreutils.spec index 53a412b..423167e 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
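Review bot: In `initdefault_encoding_utf8` (default_encoding.c, new side of the nested patch) both `PyUnicode_SetDefaultEncoding("utf-8")` and `Py_InitModule3(...)` now have their results discarded. The hunk removes the unused `m` but still checks neither call, so the "unchecked return code" named in the commit subject is not addressed here. `PyUnicode_SetDefaultEncoding` returns -1 with a Python exception set on failure, and as written the module is still registered in that case, so the caller presumably keeps running under the interpreter's previous default encoding with no signal. I would guard the first call with `if (PyUnicode_SetDefaultEncoding("utf-8") < 0) return;` and make the second discard explicit with `(void) Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");`. A one-line comment above the guard should say that the pending exception is left for the importer to report, and that this module changes the encoding for the whole process.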
@@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.7 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,11 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Fri Oct 28 2011 Dan Walsh - 2.1.7-5 +- A couple of minor coverity fixes for a potential leaked file descriptor +- An an unchecked return code. +- Add ~/.local/share/* to restorecond_user watches + * Thu Oct 13 2011 Dan Walsh - 2.1.7-4 - Have sepolgen return name field in AVC