vbatts/shadow-utils-newxidmap
1
0
Fork 0
Code Issues Pull requests Releases Activity

report error to stdout when SELinux context for home directory

Browse source 
cannot be determined (#973647)
- audit the changing home directory owner (#885797)
- do not set the default SELinux MLS range (#852676)
This commit is contained in:
Tomas Mraz 2013-06-14 15:27:20 +02:00
parent a253a4a28b
commit 32f6a78157
4 changed files with 104 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
shadow-4.1.5.1-audit-owner.patch Normal file
View file

@ -0,0 +1,32 @@
diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
--- shadow-4.1.5.1/src/usermod.c.audit 2011-11-21 23:02:16.000000000 +0100
+++ shadow-4.1.5.1/src/usermod.c 2013-06-14 14:54:20.237026550 +0200
@@ -1513,6 +1513,14 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
+
if (rename (user_home, user_newhome) == 0) {
/* FIXME: rename above may have broken symlinks
* pointing to the user's home directory
@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
* ownership.
*
*/
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
if (chown_tree (dflg ? user_newhome : user_home,
user_id,
uflg ? user_newid : (uid_t)-1,

35
shadow-4.1.5.1-default-range.patch Normal file
View file

@ -0,0 +1,35 @@
diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
--- shadow-4.1.5.1/lib/semanage.c.default-range 2012-01-08 17:35:44.000000000 +0100
+++ shadow-4.1.5.1/lib/semanage.c 2013-06-14 15:14:51.970237594 +0200
@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
goto done;
}
+#if 0
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
@@ -150,6 +151,7 @@ static int semanage_user_mod (semanage_h
ret = 1;
goto done;
}
+#endif
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
@@ -200,6 +202,7 @@ static int semanage_user_add (semanage_h
goto done;
}
+#if 0
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
@@ -208,6 +211,7 @@ static int semanage_user_add (semanage_h
ret = 1;
goto done;
}
+#endif
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {

23
shadow-4.1.5.1-errmsg.patch Normal file
View file

@ -0,0 +1,23 @@
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
+++ shadow-4.1.5.1/src/useradd.c 2013-06-14 14:22:59.529661095 +0200
@@ -1760,6 +1760,9 @@ static void create_home (void)
if (access (user_home, F_OK) != 0) {
#ifdef WITH_SELINUX
if (set_selinux_file_context (user_home, NULL) != 0) {
+ fprintf (stderr,
+ _("%s: cannot set SELinux context for home directory %s\n"),
+ Prog, user_home);
fail_exit (E_HOMEDIR);
}
#endif
@@ -1789,6 +1792,9 @@ static void create_home (void)
#ifdef WITH_SELINUX
/* Reset SELinux to create files with default contexts */
if (reset_selinux_file_context () != 0) {
+ fprintf (stderr,
+ _("%s: cannot reset SELinux file creation context\n"),
+ Prog);
fail_exit (E_HOMEDIR);
}
#endif

15
shadow-utils.spec
View file

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.1.5.1 Version: 4.1.5.1
Release: 5%{?dist} Release: 6%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
@ -18,6 +18,10 @@ Patch8: shadow-4.1.5.1-backup-mode.patch
Patch9: shadow-4.1.5.1-merge-group.patch Patch9: shadow-4.1.5.1-merge-group.patch
Patch10: shadow-4.1.5.1-orig-context.patch Patch10: shadow-4.1.5.1-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch Patch11: shadow-4.1.5.1-logmsg.patch
Patch12: shadow-4.1.5.1-errmsg.patch
Patch13: shadow-4.1.5.1-audit-owner.patch
Patch14: shadow-4.1.5.1-default-range.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: libselinux-devel >= 1.25.2-1
@ -56,6 +60,9 @@ are used for managing group accounts.
%patch9 -p1 -b .merge-group %patch9 -p1 -b .merge-group
%patch10 -p1 -b .orig-context %patch10 -p1 -b .orig-context
%patch11 -p1 -b .logmsg %patch11 -p1 -b .logmsg
%patch12 -p1 -b .errmsg
%patch13 -p1 -b .audit-owner
%patch14 -p1 -b .default-range
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -209,6 +216,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Fri Jun 14 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-6
- report error to stdout when SELinux context for home directory
cannot be determined (#973647)
- audit the changing home directory owner (#885797)
- do not set the default SELinux MLS range (#852676)
* Tue Mar 19 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-5 * Tue Mar 19 2013 Tomas Mraz <tmraz@redhat.com> - 2:4.1.5.1-5
- improve the failure syslog message in useradd (#830617) - improve the failure syslog message in useradd (#830617)