rpms/rpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Patch for no contexts

Browse Source
This commit is contained in:
Paul Nasrat 2006-06-23 17:25:38 +00:00
parent a5c9d47ef0
commit 088b460e39
1 changed files with 132 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
rpm-4.4.2-noselinux-verify.patch Normal file
View File

@ -0,0 +1,132 @@
--- ./lib/query.c.nosever 2006-06-23 13:00:13.000000000 -0400
+++ ./lib/query.c 2006-06-23 13:00:56.000000000 -0400
@@ -787,22 +787,6 @@
if (qva->qva_flags & VERIFY_HDRCHK)
vsflags |= RPMVSF_NOHDRCHK;
-#ifdef NOTYET
- /* Initialize security context patterns (if not already done). */
- if (!(qva->qva_flags & VERIFY_CONTEXTS)) {
- rpmsx sx = rpmtsREContext(ts);
- if (sx == NULL) {
- arg = rpmGetPath("%{?_verify_file_context_path}", NULL);
- if (arg != NULL && *arg != '\0') {
- sx = rpmsxNew(arg);
- (void) rpmtsSetREContext(ts, sx);
- }
- arg = _free(arg);
- }
- sx = rpmsxFree(sx);
- }
-#endif
-
ovsflags = rpmtsSetVSFlags(ts, vsflags);
ec = rpmcliArgIter(ts, qva, argv);
vsflags = rpmtsSetVSFlags(ts, ovsflags);
--- ./lib/verify.c.nosever 2004-10-24 15:36:30.000000000 -0400
+++ ./lib/verify.c 2006-06-23 13:06:23.000000000 -0400
@@ -78,8 +78,6 @@
return 1;
}
- flags |= RPMVERIFY_CONTEXTS; /* no disable from package. */
-
/*
* Not all attributes of non-regular files can be verified.
*/
@@ -117,33 +115,6 @@
*/
flags &= ~(omitMask | RPMVERIFY_FAILURES);
- /*
- * Verify file security context.
- */
-/*@-branchstate@*/
- if (selinuxEnabled == 1 && (flags & RPMVERIFY_CONTEXTS)) {
- security_context_t con;
-
- rc = lgetfilecon(fn, &con);
- if (rc == -1)
- *res |= (RPMVERIFY_LGETFILECONFAIL|RPMVERIFY_CONTEXTS);
- else {
- rpmsx sx = rpmtsREContext(ts);
- const char * fcontext;
-
- if (sx != NULL) {
- /* Get file security context from patterns. */
- fcontext = rpmsxFContext(sx, fn, fmode);
- sx = rpmsxFree(sx);
- } else {
- /* Get file security context from package. */
- fcontext = rpmfiFContext(fi);
- }
- if (fcontext == NULL || strcmp(fcontext, con))
- *res |= RPMVERIFY_CONTEXTS;
- freecon(con);
- }
- }
/*@=branchstate@*/
if (flags & RPMVERIFY_MD5) {
@@ -331,10 +302,9 @@
}
} else if (verifyResult || rpmIsVerbose()) {
const char * size, * MD5, * link, * mtime, * mode;
- const char * group, * user, * rdev, *ctxt;
+ const char * group, * user, * rdev;
/*@observer@*/ static const char *const aok = ".";
/*@observer@*/ static const char *const unknown = "?";
- /*@observer@*/ static const char *const ctxt_ignore = " ";
ec = 1;
@@ -346,10 +316,6 @@
#define _verifyfile(_RPMVERIFY_F, _C) \
((verifyResult & RPMVERIFY_READFAIL) ? unknown : \
(verifyResult & _RPMVERIFY_F) ? _C : aok)
-#define _verifyctxt(_RPMVERIFY_F, _C) \
- ((selinuxEnabled != 1 ? ctxt_ignore : \
- (verifyResult & RPMVERIFY_LGETFILECONFAIL) ? unknown : \
- (verifyResult & _RPMVERIFY_F) ? _C : aok))
MD5 = _verifyfile(RPMVERIFY_MD5, "5");
size = _verify(RPMVERIFY_FILESIZE, "S");
@@ -359,15 +325,13 @@
user = _verify(RPMVERIFY_USER, "U");
group = _verify(RPMVERIFY_GROUP, "G");
mode = _verify(RPMVERIFY_MODE, "M");
- ctxt = _verifyctxt(RPMVERIFY_CONTEXTS, "C");
-#undef _verifyctxt
#undef _verifyfile
#undef _verifylink
#undef _verify
- sprintf(te, "%s%s%s%s%s%s%s%s%s %c %s",
- size, mode, MD5, rdev, link, user, group, mtime, ctxt,
+ sprintf(te, "%s%s%s%s%s%s%s%s %c %s",
+ size, mode, MD5, rdev, link, user, group, mtime,
((fileAttrs & RPMFILE_CONFIG) ? 'c' :
(fileAttrs & RPMFILE_DOC) ? 'd' :
(fileAttrs & RPMFILE_GHOST) ? 'g' :
@@ -522,20 +486,6 @@
vsflags |= RPMVSF_NOHDRCHK;
vsflags &= ~RPMVSF_NEEDPAYLOAD;
- /* Initialize security context patterns (if not already done). */
- if (qva->qva_flags & VERIFY_CONTEXTS) {
- rpmsx sx = rpmtsREContext(ts);
- if (sx == NULL) {
- arg = rpmGetPath("%{?_verify_file_context_path}", NULL);
- if (arg != NULL && *arg != '\0') {
- sx = rpmsxNew(arg);
- (void) rpmtsSetREContext(ts, sx);
- }
- arg = _free(arg);
- }
- sx = rpmsxFree(sx);
- }
-
ovsflags = rpmtsSetVSFlags(ts, vsflags);
ec = rpmcliArgIter(ts, qva, argv);
vsflags = rpmtsSetVSFlags(ts, ovsflags);