- fix selinux context handling

- reset selinux context on files copied from skel
This commit is contained in:
Peter Vrabec 2012-03-22 16:51:40 +01:00
parent 4c8c528414
commit 8994f4c05c
2 changed files with 48 additions and 1 deletions

View file

@ -0,0 +1,41 @@
diff -up shadow-4.1.5/lib/commonio.c.selinux shadow-4.1.5/lib/commonio.c
--- shadow-4.1.5/lib/commonio.c.selinux 2011-12-09 23:23:16.000000000 +0100
+++ shadow-4.1.5/lib/commonio.c 2012-03-22 16:42:00.952464092 +0100
@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db *
snprintf (buf, sizeof buf, "%s+", db->filename);
+#ifdef WITH_SELINUX
+ if (set_selinux_file_context (buf) != 0) {
+ errors++;
+ }
+#endif
+
db->fp = fopen_set_perms (buf, "w", &sb);
if (NULL == db->fp) {
goto fail;
@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db *
goto fail;
}
+#ifdef WITH_SELINUX
+ if (reset_selinux_file_context () != 0) {
+ goto fail;
+ }
+#endif
+
nscd_need_reload = true;
goto success;
fail:
diff -up shadow-4.1.5/src/useradd.c.selinux shadow-4.1.5/src/useradd.c
--- shadow-4.1.5/src/useradd.c.selinux 2012-03-22 16:46:11.007377548 +0100
+++ shadow-4.1.5/src/useradd.c 2012-03-22 16:46:35.037251897 +0100
@@ -2040,7 +2040,7 @@ int main (int argc, char **argv)
if (mflg) {
create_home ();
if (home_added) {
- copy_tree (def_template, user_home, false, false,
+ copy_tree (def_template, user_home, false, true,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,

View file

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.1.5 Version: 4.1.5
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
@ -13,6 +13,7 @@ Patch2: shadow-4.1.4.2-infoParentDir.patch
Patch3: shadow-4.1.5-uflg.patch Patch3: shadow-4.1.5-uflg.patch
Patch4: shadow-4.1.5-man.patch Patch4: shadow-4.1.5-man.patch
Patch5: shadow-4.1.5-grremove.patch Patch5: shadow-4.1.5-grremove.patch
Patch6: shadow-4.1.5-selinux.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: libselinux-devel >= 1.25.2-1
@ -47,6 +48,7 @@ are used for managing group accounts.
%patch3 -p1 -b .uflg %patch3 -p1 -b .uflg
%patch4 -p1 -b .man %patch4 -p1 -b .man
%patch5 -p1 -b .grremove %patch5 -p1 -b .grremove
%patch6 -p1 -b .selinux
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
@ -202,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Wed Mar 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-2
- fix selinux context handling
- reset selinux context on files copied from skel
* Mon Mar 19 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-1 * Mon Mar 19 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-1
- upgrade - upgrade