From 6c13d007c94f8102e8e942fcdd48b9b8526942b5 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 6 Oct 2011 16:07:50 -0400 Subject: [PATCH] restorecond -u needs to watch terminal for exit if run outside of dbus. --- policycoreutils-rhat.patch | 45 +++++++++++++++++++++++++++++++------- policycoreutils.spec | 5 ++++- 2 files changed, 41 insertions(+), 9 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 54f3e2e..8b4bd09 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -786,10 +786,10 @@ index 0000000..e0c2871 +~/.config/* diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c new file mode 100644 -index 0000000..ade3fb8 +index 0000000..4257058 --- /dev/null +++ b/policycoreutils/restorecond/user.c -@@ -0,0 +1,246 @@ +@@ -0,0 +1,259 @@ +/* + * restorecond + * @@ -915,6 +915,11 @@ index 0000000..ade3fb8 + sizeof (buffer), + &bytes_read); + ++ if (! bytes_read) { ++ /* Sesssion/Terminal Ended */ ++ exit(0); ++ } ++ + while (i < bytes_read) { + struct inotify_event *event; + event = (struct inotify_event *)&buffer[i]; @@ -940,6 +945,7 @@ index 0000000..ade3fb8 + + if (condition & G_IO_HUP) { + g_io_channel_close (source); ++ exit(0); + return FALSE; + } + @@ -1002,6 +1008,13 @@ index 0000000..ade3fb8 + perror("flock"); + return -1; + } ++ /* watch for stdin/terminal going away */ ++ GIOChannel *in = g_io_channel_unix_new(0); ++ g_io_add_watch_full( in, ++ G_PRIORITY_HIGH, ++ G_IO_IN|G_IO_ERR|G_IO_HUP, ++ io_channel_callback, NULL, NULL); ++ + return 0; +} + @@ -1013,7 +1026,7 @@ index 0000000..ade3fb8 +#ifdef HAVE_DBUS + if (dbus_server(loop) != 0) +#endif /* HAVE_DBUS */ -+ if (local_server(loop)) ++ if (local_server()) + goto end; + + read_config(master_fd, watch_file); 
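Review bot: The `while (i < bytes_read)` loop still casts the buffer to `struct inotify_event`, yet the @@ -1002 hunk registers this same io_channel_callback on fd 0 with `G_IO_IN`, so bytes typed or piped on stdin would be parsed as inotify records, including their `len` field. The parser should run only for the inotify channel: for example, pass a non-NULL marker as the stdin watch's user data (it is `NULL` in the new call) and add `if (data != NULL) return TRUE; /* stdin: input ignored, only EOF matters */` after the zero-length check. The read call begins outside this hunk, so confirm that its return value is checked and that `bytes_read` is initialised before `if (! bytes_read)` relies on it. The new comment also has a typo; it should read `/* Session/Terminal Ended */`.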
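Review bot: The added `exit(0);` after `g_io_channel_close (source);` leaves the following `return FALSE;` unreachable and terminates from inside the callback, so whatever cleanup the caller performs at its `end:` label (the `goto end` visible in the @@ -1013 hunk) would be skipped. If the main loop handle is made available to the callback, `g_main_loop_quit(loop); return FALSE;` would let the normal shutdown path run instead. The same applies to the `exit(0)` added in the @@ -915 hunk. If exiting directly is intended, drop the dead `return FALSE;` and add a comment such as `/* watched fd hung up: nothing left to monitor, leave immediately */`. The enclosing callback starts and ends outside this hunk.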
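Review bot: The new watch on fd 0 does not say what happens when stdin is not a terminal: if restorecond -u is started with stdin redirected from /dev/null, the first read would presumably return zero bytes and the `if (! bytes_read)` branch from the @@ -915 hunk would exit the daemon at once. Consider registering the watch only when `isatty(0)` is true, or state the requirement in the comment, e.g. `/* watch for stdin/terminal going away; assumes stdin is the user's terminal */`. The channel returned by `g_io_channel_unix_new(0)` is also never released; calling `g_io_channel_unref(in);` after `g_io_add_watch_full(...)` would drop the local reference, since the watch keeps its own. local_server's body starts outside this hunk.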
@@ -1908,6 +1921,20 @@ index 5847ba0..e4b6c0d 100644 ddict[name] = value return ddict +diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 +index 12191f6..9fb2b78 100644 +--- a/policycoreutils/semodule/semodule.8 ++++ b/policycoreutils/semodule/semodule.8 +@@ -41,6 +41,9 @@ disable existing module + .B \-e,\-\-enable=MODULE_NAME + enable existing module + .TP ++.B \-p,\-\-path=ROOTPATH ++use an alternate root path ++.TP + .B \-r,\-\-remove=MODULE_NAME + remove existing module + .TP diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile index f84cd7e..3565f5e 100644 --- a/policycoreutils/semodule_package/Makefile @@ -1922,7 +1949,7 @@ index f84cd7e..3565f5e 100644 indent: ../../scripts/Lindent $(wildcard *.[ch]) diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index ce44c04..bca1694 100644 +index ce44c04..f08f8e5 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c @@ -1,5 +1,6 @@ @@ -1940,13 +1967,15 @@ index ce44c04..bca1694 100644 struct restore_opts *r_opts = NULL; static void filespec_destroy(void); static void filespec_eval(void); -@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts) +@@ -59,10 +59,11 @@ void restore_init(struct restore_opts *opts) + { r_opts = opts; struct selinux_opt selinux_opts[] = { - { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, +- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, - { SELABEL_OPT_PATH, r_opts->selabel_opt_path } -+ { SELABEL_OPT_PATH, r_opts->selabel_opt_path }, -+ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset } ++ { SELABEL_OPT_VALIDATE , { r_opts->selabel_opt_validate } }, ++ { SELABEL_OPT_PATH, {r_opts->selabel_opt_path }}, ++ { SELABEL_OPT_SUBSET,{r_opts->selabel_opt_subset }} }; - r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2); + r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); 
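Review bot: In the restore.c hunk, the entry count passed to `selabel_open` is still the literal `3`, which has to be kept in step by hand with the `selinux_opts[]` initialiser rewritten just above it in restore_init. Deriving it from the array, `r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, sizeof(selinux_opts) / sizeof(selinux_opts[0]));`, removes the chance of a later option being silently ignored or of the library reading past the array. The three new initialiser lines also space their inner braces differently; one consistent form such as `{ SELABEL_OPT_PATH, { r_opts->selabel_opt_path } },` would read better. Whether the returned handle is checked for NULL lies outside this hunk.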
diff --git a/policycoreutils.spec b/policycoreutils.spec index fb8db3f..f6d69a3 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.7 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Thu Oct 6 2011 Dan Walsh - 2.1.7-3 +- restorecond -u needs to watch terminal for exit if run outside of dbus. + * Tue Oct 4 2011 Dan Walsh - 2.1.7-2 - Do not drop capabilities if running newrole as root