rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Sat Aug 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-10

Browse Source 
- Fix realpath usage to only happen on argv input from user
This commit is contained in:
Daniel J Walsh 2009-08-22 12:08:34 +00:00
parent f6cc437735
commit 4b8a9749e9
2 changed files with 54 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
policycoreutils-rhat.patch
View File

@ -105,7 +105,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-20 15:30:44.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-22 08:03:13.000000000 -0400
@@ -48,294 +48,38 @@
#include <signal.h>
#include <string.h>
@ -430,7 +430,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
exit(0);
}
@@ -390,74 +134,35 @@
@@ -390,74 +134,33 @@
to see if it is one that we are watching.
*/
@ -511,12 +511,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ r_opts.verbose = 0;
+ r_opts.logging = 0;
+ r_opts.rootpath = NULL;
+ r_opts.expand_realpath = 0;
+ r_opts.rootpathlen = 0;
+ r_opts.outfile = NULL;
+ r_opts.force = 0;
+ r_opts.hard_links = 0;
+ r_opts.expand_realpath = 1;
+ r_opts.abort_on_error = 0;
+ r_opts.add_assoc = 0;
+ r_opts.fts_flags = FTS_PHYSICAL;
@ -529,7 +527,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
/* Register sighandlers */
sa.sa_flags = 0;
@@ -467,38 +172,59 @@
@@ -467,38 +170,59 @@
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
@ -1685,8 +1683,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-20 13:11:02.000000000 -0400
@@ -0,0 +1,530 @@
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-22 07:59:20.000000000 -0400
@@ -0,0 +1,519 @@
+#include "restore.h"
+
+#define SKIP -2
@ -1950,17 +1948,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ FTS *fts_handle;
+ FTSENT *ftsent;
+
+ if (r_opts->expand_realpath) {
+ char *p;
+ p = realpath(name, NULL);
+ if (!p) {
+ fprintf(stderr, "realpath(%s) failed %s\n", name,
+ strerror(errno));
+ return -1;
+ }
+ name = p;
+ }
+
+ if (r_opts == NULL){
+ fprintf(stderr,
+ "Must call initialize first!");
@ -2219,8 +2206,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-20 12:53:16.000000000 -0400
@@ -0,0 +1,50 @@
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-22 08:02:45.000000000 -0400
@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
+#ifndef _GNU_SOURCE
@ -2256,7 +2243,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ FILE *outfile;
+ int force;
+ struct selabel_handle *hnd;
+ int expand_realpath; /* Expand paths via realpath. */
+ int abort_on_error; /* Abort the file tree walk upon an error. */
+ int quiet;
+ int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
@ -2273,7 +2259,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-22 08:06:25.000000000 -0400
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
@ -2837,7 +2823,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- goto err;
- }
-
-
- ftsent = fts_read(fts_handle);
- if (ftsent != NULL) {
- /* Keep the inode of the first one. */
@ -2881,7 +2867,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- if (expand_realpath)
- free(name);
- return rc;
-
-err:
- if (!strcmp(name, "/"))
- mass_relabel_errs = 1;
@ -2891,7 +2877,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
#ifndef USE_AUDIT
static void maybe_audit_mass_relabel(void)
@@ -729,21 +209,32 @@
@@ -729,27 +209,37 @@
int use_input_file = 0;
char *buf = NULL;
size_t buf_len;
@ -2932,7 +2918,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (!strcmp(base, SETFILES)) {
/*
@@ -757,10 +248,10 @@
* setfiles:
* Recursive descent,
- * Does not expand paths via realpath,
* Aborts on errors during the file tree walk,
* Try to track inode associations for conflict detection,
* Does not follow mounts,
@@ -757,29 +247,26 @@
*/
iamrestorecon = 0;
recurse = 1;
@ -2940,14 +2932,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- abort_on_error = 1;
- add_assoc = 1;
- fts_flags = FTS_PHYSICAL | FTS_XDEV;
+ r_opts.expand_realpath = 0;
+ r_opts.abort_on_error = 1;
+ r_opts.add_assoc = 1;
+ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
ctx_validate = 1;
} else {
/*
@@ -772,14 +263,14 @@
* restorecon:
* No recursive descent unless -r/-R,
- * Expands paths via realpath,
* Do not abort on errors during the file tree walk,
* Do not try to track inode associations for conflict detection,
* Follows mounts,
* Does lazy validation of contexts upon use.
*/
@ -2960,14 +2955,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- abort_on_error = 0;
- add_assoc = 0;
- fts_flags = FTS_PHYSICAL;
+ r_opts.expand_realpath = 1;
+ r_opts.abort_on_error = 0;
+ r_opts.add_assoc = 0;
+ r_opts.fts_flags = FTS_PHYSICAL;
ctx_validate = 0;
/* restorecon only: silent exit if no SELinux.
@@ -828,11 +319,6 @@
@@ -828,11 +315,6 @@
}
case 'e':
remove_exclude(optarg);
@ -2979,7 +2973,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (add_exclude(optarg))
exit(1);
break;
@@ -841,37 +327,37 @@
@@ -841,37 +323,37 @@
input_filename = optarg;
break;
case 'd':
@ -3026,7 +3020,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
break;
case 'R':
case 'r':
@@ -880,11 +366,11 @@
@@ -880,11 +362,11 @@
break;
}
if (optind + 1 >= argc) {
@ -3040,7 +3034,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
fprintf(stderr,
"%s: only one -r can be specified\n",
argv[0]);
@@ -895,23 +381,23 @@
@@ -895,23 +377,23 @@
case 's':
use_input_file = 1;
input_filename = "-";
@ -3069,7 +3063,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
break;
case 'W':
warn_no_match = 1;
@@ -959,18 +445,13 @@
@@ -959,18 +441,13 @@
}
/* Load the file contexts configuration and check it. */
@ -3091,14 +3085,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (use_input_file) {
FILE *f = stdin;
ssize_t len;
@@ -987,31 +468,34 @@
@@ -987,31 +464,49 @@
delim = (null_terminated != 0) ? '\0' : '\n';
while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
- errors |= process_one(buf);
+ if (!strcmp(buf, "/"))
+ mass_relabel = 1;
+ errors |= process_one(buf, recurse) < 0;
+
+ char *filename = realpath(buf, NULL);
+ if (!filename) {
+ fprintf(stderr, "realpath(%s) failed %s\n", buf,
+ strerror(errno));
+ return -1;
+ }
+ errors |= process_one(filename, recurse) < 0;
+ free(filename);
}
if (strcmp(input_filename, "-") != 0)
fclose(f);
@ -3107,7 +3109,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- errors |= process_one(argv[i]);
+ if (!strcmp(argv[i], "/"))
+ mass_relabel = 1;
+ errors |= process_one(argv[i], recurse) < 0;
+ char *filename = realpath(argv[i], NULL);
+ if (!filename) {
+ fprintf(stderr, "realpath(%s) failed %s\n", argv[i],
+ strerror(errno));
+ return -1;
+ }
+ errors |= process_one(filename, recurse) < 0;
+ free(filename);
}
}
-
@ -3118,15 +3127,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if (warn_no_match)
- selabel_stats(hnd);
-
- selabel_close(hnd);
+ selabel_stats(r_opts.hnd);
- if (outfile)
- fclose(outfile);
- selabel_close(hnd);
+ selabel_close(r_opts.hnd);
+ restore_finish();
- if (outfile)
- fclose(outfile);
-
- for (i = 0; i < excludeCtr; i++) {
- free(excludeArray[i].directory);
- }

5
policycoreutils.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.71
Release: 9%{?dist}
Release: 10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -265,6 +265,9 @@ fi
exit 0
%changelog
* Sat Aug 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-10
- Fix realpath usage to only happen on argv input from user
* Fri Aug 21 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.0.71-9
- Don't try to remove restorecond after last erase (done already in %%preun).
- Ensure scriptlets exit with status 0.