* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
- Fix sandbox to setsid so it can run under mozilla without crashing the session
This commit is contained in:
		
							parent
							
								
									942b683f29
								
							
						
					
					
						commit
						a1e42cb153
					
				| @ -1875,27 +1875,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po | ||||
| +.PP
 | ||||
| diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.75/sandbox/sandboxX.sh
 | ||||
| --- nsapolicycoreutils/sandbox/sandboxX.sh	1969-12-31 19:00:00.000000000 -0500
 | ||||
| +++ policycoreutils-2.0.75/sandbox/sandboxX.sh	2009-11-03 09:44:56.000000000 -0500
 | ||||
| +++ policycoreutils-2.0.75/sandbox/sandboxX.sh	2009-11-11 16:02:16.000000000 -0500
 | ||||
| @@ -0,0 +1,16 @@
 | ||||
| +#!/bin/bash 
 | ||||
| +export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
 | ||||
| +export SCREEN=`/usr/bin/xdpyinfo -display $DISPLAY | /bin/awk '/dimensions/ { print $2 }'`
 | ||||
| +
 | ||||
| +(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do 
 | ||||
| +export DISPLAY=:$D
 | ||||
| +/usr/bin/matchbox-window-manager -use_titlebar no &
 | ||||
| +WM_PID=$!
 | ||||
| +~/.sandboxrc &
 | ||||
| +CLIENT_PID=$!
 | ||||
| +wait $CLIENT_PID
 | ||||
| +export EXITCODE=$?
 | ||||
| +kill -TERM $WM_PID
 | ||||
| +kill -HUP 0
 | ||||
| +break
 | ||||
| +    export DISPLAY=:$D
 | ||||
| +    /usr/bin/matchbox-window-manager -use_titlebar no &
 | ||||
| +    WM_PID=$!
 | ||||
| +    ~/.sandboxrc &
 | ||||
| +    CLIENT_PID=$!
 | ||||
| +    wait $CLIENT_PID
 | ||||
| +    export EXITCODE=$?
 | ||||
| +    kill -TERM $WM_PID
 | ||||
| +    kill -HUP 0
 | ||||
| +    break
 | ||||
| +done
 | ||||
| Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.75/sandbox/seunshare differ | ||||
| diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.75/sandbox/seunshare.c
 | ||||
| --- nsapolicycoreutils/sandbox/seunshare.c	1969-12-31 19:00:00.000000000 -0500
 | ||||
| +++ policycoreutils-2.0.75/sandbox/seunshare.c	2009-11-03 09:44:56.000000000 -0500
 | ||||
| +++ policycoreutils-2.0.75/sandbox/seunshare.c	2009-11-11 16:00:27.000000000 -0500
 | ||||
| @@ -0,0 +1,265 @@
 | ||||
| +#include <signal.h>
 | ||||
| +#include <sys/types.h>
 | ||||
| @ -2151,7 +2152,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po | ||||
| +			perror("Failed to change dir to homedir");
 | ||||
| +			exit(-1);
 | ||||
| +		}
 | ||||
| +		
 | ||||
| +		setsid();
 | ||||
| +		execv(argv[optind], argv + optind);
 | ||||
| +		free(display);
 | ||||
| +		perror("execv");
 | ||||
| @ -2162,6 +2163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po | ||||
| +
 | ||||
| +	return status;
 | ||||
| +}
 | ||||
| Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.75/sandbox/seunshare.o differ | ||||
| diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.75/scripts/chcat
 | ||||
| --- nsapolicycoreutils/scripts/chcat	2009-06-23 15:36:07.000000000 -0400
 | ||||
| +++ policycoreutils-2.0.75/scripts/chcat	2009-11-03 09:44:56.000000000 -0500
 | ||||
|  | ||||
| @ -6,7 +6,7 @@ | ||||
| Summary: SELinux policy core utilities | ||||
| Name:	 policycoreutils | ||||
| Version: 2.0.75 | ||||
| Release: 1%{?dist} | ||||
| Release: 2%{?dist} | ||||
| License: GPLv2+ | ||||
| Group:	 System Environment/Base | ||||
| Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz | ||||
| @ -296,6 +296,9 @@ fi | ||||
| exit 0 | ||||
| 
 | ||||
| %changelog | ||||
| * Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2 | ||||
| - Fix sandbox to setsid so it can run under mozilla without crashing the session | ||||
| 
 | ||||
| * Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1 | ||||
| - Update to upstream | ||||
| 	* Factor out restoring logic from setfiles.c into restore.c | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user