* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
- Fix sandbox to setsid so it can run under mozilla without crashing the session
This commit is contained in:
parent
942b683f29
commit
a1e42cb153
@ -1875,27 +1875,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+.PP
|
+.PP
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.75/sandbox/sandboxX.sh
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.75/sandbox/sandboxX.sh
|
||||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.75/sandbox/sandboxX.sh 2009-11-03 09:44:56.000000000 -0500
|
+++ policycoreutils-2.0.75/sandbox/sandboxX.sh 2009-11-11 16:02:16.000000000 -0500
|
||||||
@@ -0,0 +1,16 @@
|
@@ -0,0 +1,16 @@
|
||||||
+#!/bin/bash
|
+#!/bin/bash
|
||||||
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
|
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
|
||||||
+export SCREEN=`/usr/bin/xdpyinfo -display $DISPLAY | /bin/awk '/dimensions/ { print $2 }'`
|
+export SCREEN=`/usr/bin/xdpyinfo -display $DISPLAY | /bin/awk '/dimensions/ { print $2 }'`
|
||||||
+
|
+
|
||||||
+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||||
+export DISPLAY=:$D
|
+ export DISPLAY=:$D
|
||||||
+/usr/bin/matchbox-window-manager -use_titlebar no &
|
+ /usr/bin/matchbox-window-manager -use_titlebar no &
|
||||||
+WM_PID=$!
|
+ WM_PID=$!
|
||||||
+~/.sandboxrc &
|
+ ~/.sandboxrc &
|
||||||
+CLIENT_PID=$!
|
+ CLIENT_PID=$!
|
||||||
+wait $CLIENT_PID
|
+ wait $CLIENT_PID
|
||||||
+export EXITCODE=$?
|
+ export EXITCODE=$?
|
||||||
+kill -TERM $WM_PID
|
+ kill -TERM $WM_PID
|
||||||
+kill -HUP 0
|
+ kill -HUP 0
|
||||||
+break
|
+ break
|
||||||
+done
|
+done
|
||||||
|
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.75/sandbox/seunshare differ
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.75/sandbox/seunshare.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.75/sandbox/seunshare.c
|
||||||
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.75/sandbox/seunshare.c 2009-11-03 09:44:56.000000000 -0500
|
+++ policycoreutils-2.0.75/sandbox/seunshare.c 2009-11-11 16:00:27.000000000 -0500
|
||||||
@@ -0,0 +1,265 @@
|
@@ -0,0 +1,265 @@
|
||||||
+#include <signal.h>
|
+#include <signal.h>
|
||||||
+#include <sys/types.h>
|
+#include <sys/types.h>
|
||||||
@ -2151,7 +2152,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+ perror("Failed to change dir to homedir");
|
+ perror("Failed to change dir to homedir");
|
||||||
+ exit(-1);
|
+ exit(-1);
|
||||||
+ }
|
+ }
|
||||||
+
|
+ setsid();
|
||||||
+ execv(argv[optind], argv + optind);
|
+ execv(argv[optind], argv + optind);
|
||||||
+ free(display);
|
+ free(display);
|
||||||
+ perror("execv");
|
+ perror("execv");
|
||||||
@ -2162,6 +2163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ return status;
|
+ return status;
|
||||||
+}
|
+}
|
||||||
|
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.75/sandbox/seunshare.o differ
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.75/scripts/chcat
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.75/scripts/chcat
|
||||||
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
|
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
|
||||||
+++ policycoreutils-2.0.75/scripts/chcat 2009-11-03 09:44:56.000000000 -0500
|
+++ policycoreutils-2.0.75/scripts/chcat 2009-11-03 09:44:56.000000000 -0500
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.75
|
Version: 2.0.75
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -296,6 +296,9 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
|
||||||
|
- Fix sandbox to setsid so it can run under mozilla without crashing the session
|
||||||
|
|
||||||
* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
* Factor out restoring logic from setfiles.c into restore.c
|
* Factor out restoring logic from setfiles.c into restore.c
|
||||||
|
Loading…
Reference in New Issue
Block a user