From 8994f4c05c66aa363cf443dbc69a8b60025965b2 Mon Sep 17 00:00:00 2001
From: Peter Vrabec
Date: Thu, 22 Mar 2012 16:51:40 +0100
Subject: [PATCH] - fix selinux context handling - reset selinux context on files copied from skel
---
 shadow-4.1.5-selinux.patch | 41 ++++++++++++++++++++++++++++++++++++++
 shadow-utils.spec | 8 +++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 shadow-4.1.5-selinux.patch
diff --git a/shadow-4.1.5-selinux.patch b/shadow-4.1.5-selinux.patch
new file mode 100644
index 0000000..d138e58
--- /dev/null
+++ b/shadow-4.1.5-selinux.patch
@@ -0,0 +1,41 @@
+diff -up shadow-4.1.5/lib/commonio.c.selinux shadow-4.1.5/lib/commonio.c
+--- shadow-4.1.5/lib/commonio.c.selinux 2011-12-09 23:23:16.000000000 +0100
++++ shadow-4.1.5/lib/commonio.c 2012-03-22 16:42:00.952464092 +0100
+@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db *
+
+ snprintf (buf, sizeof buf, "%s+", db->filename);
+
++#ifdef WITH_SELINUX
++ if (set_selinux_file_context (buf) != 0) {
++ errors++;
++ }
++#endif
++
+ db->fp = fopen_set_perms (buf, "w", &sb);
+ if (NULL == db->fp) {
+ goto fail;
+@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db *
+ goto fail;
+ }
+
++#ifdef WITH_SELINUX
++ if (reset_selinux_file_context () != 0) {
++ goto fail;
++ }
++#endif
++
+ nscd_need_reload = true;
+ goto success;
+ fail:
+diff -up shadow-4.1.5/src/useradd.c.selinux shadow-4.1.5/src/useradd.c
+--- shadow-4.1.5/src/useradd.c.selinux 2012-03-22 16:46:11.007377548 +0100
++++ shadow-4.1.5/src/useradd.c 2012-03-22 16:46:35.037251897 +0100
+@@ -2040,7 +2040,7 @@ int main (int argc, char **argv)
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+- copy_tree (def_template, user_home, false, false,
++ copy_tree (def_template, user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 11c5f0e..269fb40 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
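Review bot: In the commonio.c hunks of shadow-4.1.5-selinux.patch, the creation context set by `set_selinux_file_context (buf)` is cleared only on the success path, just before `nscd_need_reload = true`; the `goto fail` after a failed `fopen_set_perms` (visible in the first hunk) and any later failure jump skip the new `reset_selinux_file_context ()` call. Unless the `fail:` label, whose body lies outside the hunk, already resets it, files the process creates afterwards would presumably be labelled with the context chosen for the `+` temporary. Adding `#ifdef WITH_SELINUX` / `(void) reset_selinux_file_context ();` / `#endif` at `fail:` would close that gap. The two new checks also disagree on failure handling: the first only does `errors++` and still opens the file under the default label, while the second does `goto fail`; whether `errors` is tested before the rename is not visible here, so a comment stating the intent would help.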
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
@@ -13,6 +13,7 @@ Patch2: shadow-4.1.4.2-infoParentDir.patch
 Patch3: shadow-4.1.5-uflg.patch
 Patch4: shadow-4.1.5-man.patch
 Patch5: shadow-4.1.5-grremove.patch
+Patch6: shadow-4.1.5-selinux.patch
 License: BSD and GPLv2+
 Group: System Environment/Base
 BuildRequires: libselinux-devel >= 1.25.2-1
@@ -47,6 +48,7 @@ are used for managing group accounts. %patch3 -p1 -b .uflg %patch4 -p1 -b .man %patch5 -p1 -b .grremove +%patch6 -p1 -b .selinux iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
@@ -202,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Mar 22 2012 Peter Vrabec - 2:4.1.5-2 +- fix selinux context handling +- reset selinux context on files copied from skel + * Mon Mar 19 2012 Peter Vrabec - 2:4.1.5-1 - upgrade