restorecond -u needs to watch terminal for exit if run outside of dbus.

This commit is contained in:
Dan Walsh 2011-10-06 16:07:50 -04:00
parent ebadcd67f7
commit 6c13d007c9
2 changed files with 41 additions and 9 deletions

View File

@ -786,10 +786,10 @@ index 0000000..e0c2871
+~/.config/* +~/.config/*
diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
new file mode 100644 new file mode 100644
index 0000000..ade3fb8 index 0000000..4257058
--- /dev/null --- /dev/null
+++ b/policycoreutils/restorecond/user.c +++ b/policycoreutils/restorecond/user.c
@@ -0,0 +1,246 @@ @@ -0,0 +1,259 @@
+/* +/*
+ * restorecond + * restorecond
+ * + *
@ -915,6 +915,11 @@ index 0000000..ade3fb8
+ sizeof (buffer), + sizeof (buffer),
+ &bytes_read); + &bytes_read);
+ +
+ if (! bytes_read) {
+ /* Sesssion/Terminal Ended */
+ exit(0);
+ }
+
+ while (i < bytes_read) { + while (i < bytes_read) {
+ struct inotify_event *event; + struct inotify_event *event;
+ event = (struct inotify_event *)&buffer[i]; + event = (struct inotify_event *)&buffer[i];
@ -940,6 +945,7 @@ index 0000000..ade3fb8
+ +
+ if (condition & G_IO_HUP) { + if (condition & G_IO_HUP) {
+ g_io_channel_close (source); + g_io_channel_close (source);
+ exit(0);
+ return FALSE; + return FALSE;
+ } + }
+ +
@ -1002,6 +1008,13 @@ index 0000000..ade3fb8
+ perror("flock"); + perror("flock");
+ return -1; + return -1;
+ } + }
+ /* watch for stdin/terminal going away */
+ GIOChannel *in = g_io_channel_unix_new(0);
+ g_io_add_watch_full( in,
+ G_PRIORITY_HIGH,
+ G_IO_IN|G_IO_ERR|G_IO_HUP,
+ io_channel_callback, NULL, NULL);
+
+ return 0; + return 0;
+} +}
+ +
@ -1013,7 +1026,7 @@ index 0000000..ade3fb8
+#ifdef HAVE_DBUS +#ifdef HAVE_DBUS
+ if (dbus_server(loop) != 0) + if (dbus_server(loop) != 0)
+#endif /* HAVE_DBUS */ +#endif /* HAVE_DBUS */
+ if (local_server(loop)) + if (local_server())
+ goto end; + goto end;
+ +
+ read_config(master_fd, watch_file); + read_config(master_fd, watch_file);
@ -1908,6 +1921,20 @@ index 5847ba0..e4b6c0d 100644
ddict[name] = value ddict[name] = value
return ddict return ddict
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
index 12191f6..9fb2b78 100644
--- a/policycoreutils/semodule/semodule.8
+++ b/policycoreutils/semodule/semodule.8
@@ -41,6 +41,9 @@ disable existing module
.B \-e,\-\-enable=MODULE_NAME
enable existing module
.TP
+.B \-p,\-\-path=ROOTPATH
+use an alternate root path
+.TP
.B \-r,\-\-remove=MODULE_NAME
remove existing module
.TP
diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile
index f84cd7e..3565f5e 100644 index f84cd7e..3565f5e 100644
--- a/policycoreutils/semodule_package/Makefile --- a/policycoreutils/semodule_package/Makefile
@ -1922,7 +1949,7 @@ index f84cd7e..3565f5e 100644
indent: indent:
../../scripts/Lindent $(wildcard *.[ch]) ../../scripts/Lindent $(wildcard *.[ch])
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index ce44c04..bca1694 100644 index ce44c04..f08f8e5 100644
--- a/policycoreutils/setfiles/restore.c --- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c
@@ -1,5 +1,6 @@ @@ -1,5 +1,6 @@
@ -1940,13 +1967,15 @@ index ce44c04..bca1694 100644
struct restore_opts *r_opts = NULL; struct restore_opts *r_opts = NULL;
static void filespec_destroy(void); static void filespec_destroy(void);
static void filespec_eval(void); static void filespec_eval(void);
@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts) @@ -59,10 +59,11 @@ void restore_init(struct restore_opts *opts)
{
r_opts = opts; r_opts = opts;
struct selinux_opt selinux_opts[] = { struct selinux_opt selinux_opts[] = {
{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, - { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path } - { SELABEL_OPT_PATH, r_opts->selabel_opt_path }
+ { SELABEL_OPT_PATH, r_opts->selabel_opt_path }, + { SELABEL_OPT_VALIDATE , { r_opts->selabel_opt_validate } },
+ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset } + { SELABEL_OPT_PATH, {r_opts->selabel_opt_path }},
+ { SELABEL_OPT_SUBSET,{r_opts->selabel_opt_subset }}
}; };
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2); - r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2);
+ r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); + r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);

View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.7 Version: 2.1.7
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Oct 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
- restorecond -u needs to watch terminal for exit if run outside of dbus.
* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2 * Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
- Do not drop capabilities if running newrole as root - Do not drop capabilities if running newrole as root