restorecond -u needs to watch terminal for exit if run outside of dbus.
This commit is contained in:
parent
ebadcd67f7
commit
6c13d007c9
@ -786,10 +786,10 @@ index 0000000..e0c2871
|
||||
+~/.config/*
|
||||
diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
|
||||
new file mode 100644
|
||||
index 0000000..ade3fb8
|
||||
index 0000000..4257058
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/restorecond/user.c
|
||||
@@ -0,0 +1,246 @@
|
||||
@@ -0,0 +1,259 @@
|
||||
+/*
|
||||
+ * restorecond
|
||||
+ *
|
||||
@ -915,6 +915,11 @@ index 0000000..ade3fb8
|
||||
+ sizeof (buffer),
|
||||
+ &bytes_read);
|
||||
+
|
||||
+ if (! bytes_read) {
|
||||
+ /* Sesssion/Terminal Ended */
|
||||
+ exit(0);
|
||||
+ }
|
||||
+
|
||||
+ while (i < bytes_read) {
|
||||
+ struct inotify_event *event;
|
||||
+ event = (struct inotify_event *)&buffer[i];
|
||||
@ -940,6 +945,7 @@ index 0000000..ade3fb8
|
||||
+
|
||||
+ if (condition & G_IO_HUP) {
|
||||
+ g_io_channel_close (source);
|
||||
+ exit(0);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
@ -1002,6 +1008,13 @@ index 0000000..ade3fb8
|
||||
+ perror("flock");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ /* watch for stdin/terminal going away */
|
||||
+ GIOChannel *in = g_io_channel_unix_new(0);
|
||||
+ g_io_add_watch_full( in,
|
||||
+ G_PRIORITY_HIGH,
|
||||
+ G_IO_IN|G_IO_ERR|G_IO_HUP,
|
||||
+ io_channel_callback, NULL, NULL);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
@ -1013,7 +1026,7 @@ index 0000000..ade3fb8
|
||||
+#ifdef HAVE_DBUS
|
||||
+ if (dbus_server(loop) != 0)
|
||||
+#endif /* HAVE_DBUS */
|
||||
+ if (local_server(loop))
|
||||
+ if (local_server())
|
||||
+ goto end;
|
||||
+
|
||||
+ read_config(master_fd, watch_file);
|
||||
@ -1908,6 +1921,20 @@ index 5847ba0..e4b6c0d 100644
|
||||
ddict[name] = value
|
||||
|
||||
return ddict
|
||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
||||
index 12191f6..9fb2b78 100644
|
||||
--- a/policycoreutils/semodule/semodule.8
|
||||
+++ b/policycoreutils/semodule/semodule.8
|
||||
@@ -41,6 +41,9 @@ disable existing module
|
||||
.B \-e,\-\-enable=MODULE_NAME
|
||||
enable existing module
|
||||
.TP
|
||||
+.B \-p,\-\-path=ROOTPATH
|
||||
+use an alternate root path
|
||||
+.TP
|
||||
.B \-r,\-\-remove=MODULE_NAME
|
||||
remove existing module
|
||||
.TP
|
||||
diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile
|
||||
index f84cd7e..3565f5e 100644
|
||||
--- a/policycoreutils/semodule_package/Makefile
|
||||
@ -1922,7 +1949,7 @@ index f84cd7e..3565f5e 100644
|
||||
indent:
|
||||
../../scripts/Lindent $(wildcard *.[ch])
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index ce44c04..bca1694 100644
|
||||
index ce44c04..f08f8e5 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -1,5 +1,6 @@
|
||||
@ -1940,13 +1967,15 @@ index ce44c04..bca1694 100644
|
||||
struct restore_opts *r_opts = NULL;
|
||||
static void filespec_destroy(void);
|
||||
static void filespec_eval(void);
|
||||
@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts)
|
||||
@@ -59,10 +59,11 @@ void restore_init(struct restore_opts *opts)
|
||||
{
|
||||
r_opts = opts;
|
||||
struct selinux_opt selinux_opts[] = {
|
||||
{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
||||
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
||||
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path }
|
||||
+ { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
|
||||
+ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset }
|
||||
+ { SELABEL_OPT_VALIDATE , { r_opts->selabel_opt_validate } },
|
||||
+ { SELABEL_OPT_PATH, {r_opts->selabel_opt_path }},
|
||||
+ { SELABEL_OPT_SUBSET,{r_opts->selabel_opt_subset }}
|
||||
};
|
||||
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2);
|
||||
+ r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.7
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -352,6 +352,9 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Oct 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
|
||||
- restorecond -u needs to watch terminal for exit if run outside of dbus.
|
||||
|
||||
* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
|
||||
- Do not drop capabilities if running newrole as root
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user