- preserve ACL's on files in /etc/skel Resolves: #513055
This commit is contained in:
parent
d787a9d254
commit
4f86795e64
3 changed files with 129 additions and 2 deletions
121
shadow-4.1.4.2-acl.patch
Normal file
121
shadow-4.1.4.2-acl.patch
Normal file
|
@ -0,0 +1,121 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/copydir.c.acl shadow-4.1.4.2/libmisc/copydir.c
|
||||
--- shadow-4.1.4.2/libmisc/copydir.c.acl 2010-04-29 15:55:26.949959971 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/copydir.c 2010-04-29 15:55:26.956960471 +0200
|
||||
@@ -45,6 +45,9 @@
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
+#include <attr/error_context.h>
|
||||
+#include <acl/libacl.h>
|
||||
+
|
||||
static /*@null@*/const char *src_orig;
|
||||
static /*@null@*/const char *dst_orig;
|
||||
|
||||
@@ -70,7 +73,7 @@ static int copy_symlink (const char *src
|
||||
#endif
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp);
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid);
|
||||
static int copy_file (const char *src, const char *dst,
|
||||
@@ -78,6 +81,24 @@ static int copy_file (const char *src, c
|
||||
long int uid, long int gid);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
+
|
||||
+void error (struct error_context *ctx, const char *fmt, ...)
|
||||
+{
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start (ap, fmt);
|
||||
+ (void) fprintf (stderr, _("%s: "), Prog);
|
||||
+ if (vfprintf (stderr, fmt, ap) != 0) {
|
||||
+ (void) fputs (_(": "), stderr);
|
||||
+ }
|
||||
+ (void) fprintf (stderr, "%s\n", strerror (errno));
|
||||
+ va_end (ap);
|
||||
+}
|
||||
+
|
||||
+struct error_context ctx = {
|
||||
+ error
|
||||
+};
|
||||
+
|
||||
/*
|
||||
* selinux_file_context - Set the security context before any file or
|
||||
* directory creation.
|
||||
@@ -369,7 +390,7 @@ static int copy_entry (const char *src,
|
||||
*/
|
||||
|
||||
else if (!S_ISREG (sb.st_mode)) {
|
||||
- err = copy_special (dst, &sb, mt, uid, gid);
|
||||
+ err = copy_special (src, dst, &sb, mt, uid, gid);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -413,6 +434,7 @@ static int copy_dir (const char *src, co
|
||||
|| (chown (dst,
|
||||
(uid == - 1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
+ || (perm_copy_file (src, dst, &ctx) != 0)
|
||||
|| (chmod (dst, statp->st_mode) != 0)
|
||||
|| (copy_tree (src, dst, uid, gid) != 0)
|
||||
|| (utimes (dst, mt) != 0)) {
|
||||
@@ -514,6 +536,13 @@ static int copy_symlink (const char *src
|
||||
|| (lchown (dst,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
|
||||
+ /* FIXME: there are no modes on symlinks, right?
|
||||
+ * ACL could be copied, but this would be much more
|
||||
+ * complex than calling perm_copy_file.
|
||||
+ * Ditto for Extended Attributes.
|
||||
+ * We currently only document that ACL and Extended
|
||||
+ * Attributes are not copied.
|
||||
+ */
|
||||
free (oldlink);
|
||||
return -1;
|
||||
}
|
||||
@@ -542,7 +571,7 @@ static int copy_symlink (const char *src
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp)
|
||||
{
|
||||
- /* TODO: selinux needed? */
|
||||
+ /* TODO: selinux, ACL, Extended Attributes needed? */
|
||||
|
||||
if (link (lp->ln_name, dst) != 0) {
|
||||
return -1;
|
||||
@@ -574,7 +603,7 @@ static int copy_hardlink (const char *sr
|
||||
*
|
||||
* Return 0 on success, -1 on error.
|
||||
*/
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid)
|
||||
{
|
||||
@@ -628,7 +657,7 @@ static int copy_file (const char *src, c
|
||||
|| (fchown (ofd,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
- || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
|
||||
+ || (perm_copy_fd (src, ifd, dst, ofd, &ctx) != 0) ) {
|
||||
(void) close (ifd);
|
||||
return -1;
|
||||
}
|
||||
diff -up shadow-4.1.4.2/src/Makefile.in.acl shadow-4.1.4.2/src/Makefile.in
|
||||
--- shadow-4.1.4.2/src/Makefile.in.acl 2009-07-24 03:16:00.000000000 +0200
|
||||
+++ shadow-4.1.4.2/src/Makefile.in 2010-04-29 16:08:34.347960372 +0200
|
||||
@@ -430,9 +430,9 @@ su_SOURCES = \
|
||||
|
||||
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
||||
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
all: all-am
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.1.4.2
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
||||
|
@ -13,6 +13,7 @@ Patch2: shadow-4.1.4.2-leak.patch
|
|||
Patch3: shadow-4.1.4.2-fixes.patch
|
||||
Patch4: shadow-4.1.4.2-infoParentDir.patch
|
||||
Patch5: shadow-4.1.4.2-semange.patch
|
||||
Patch6: shadow-4.1.4.2-acl.patch
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
|
@ -43,6 +44,7 @@ are used for managing group accounts.
|
|||
%patch3 -p1 -b .fixes
|
||||
%patch4 -p1 -b .infoParentDir
|
||||
%patch5 -p1 -b .semange
|
||||
%patch6 -p1 -b .acl
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
|
@ -185,6 +187,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%changelog
|
||||
* Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6
|
||||
- preserve ACL's on files in /etc/skel
|
||||
Resolves: #513055
|
||||
|
||||
* Wed Apr 28 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-5
|
||||
- newusers man page more informative
|
||||
- userdel should not need to run semanage
|
||||
|
|
Loading…
Reference in a new issue