[policycoreutils/f15/master] Fix rsync command to work if the directory is old. Fix all tests
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Mar 18 21:49:23 UTC 2011
commit f7c4958dbf5a1b84013284eb1d419ebb7d4883f4
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Mar 18 17:49:10 2011 -0400
Fix rsync command to work if the directory is old.
Fix all tests
policycoreutils-rhat.patch | 135 +++++++++++++++++++++++++++++++++----------
policycoreutils.spec | 6 ++-
2 files changed, 108 insertions(+), 33 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 506acb0..6e09801 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1639,7 +1639,7 @@ index ff0ee7c..0c8a085 100644
test:
@python test_sandbox.py -v
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..b815af2 100644
+index 48a26c2..29c99ed 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -1,5 +1,6 @@
@@ -1829,17 +1829,18 @@ index 48a26c2..b815af2 100644
if self.__options.setype:
self.setype = self.__options.setype
-@@ -299,6 +336,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
- self.__options.X_ind = True
+@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
self.__homedir = self.__options.homedir
self.__tmpdir = self.__options.tmpdir
-+ elif self.__options.level:
-+ self.__homedir = self.__options.homedir
-+ self.__tmpdir = self.__options.tmpdir
else:
++ if self.__options.level:
++ self.__homedir = self.__options.homedir
++ self.__tmpdir = self.__options.tmpdir
++
if len(cmds) == 0:
self.usage(_("Command required"))
-@@ -329,44 +369,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ cmds[0] = fullpath(cmds[0])
+@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
def __setup_dir(self):
if self.__options.level or self.__options.session:
return
@@ -1903,7 +1904,7 @@ index 48a26c2..b815af2 100644
selinux.setexeccon(self.__execcon)
rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +443,7 @@ if __name__ == '__main__':
+@@ -404,7 +444,7 @@ if __name__ == '__main__':
sandbox = Sandbox()
rc = sandbox.main()
except OSError, error:
@@ -2121,10 +2122,10 @@ index 0000000..e7b8991
+and
+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..7df3167 100644
+index ec692e7..629a2d3 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
-@@ -1,28 +1,34 @@
+@@ -1,28 +1,35 @@
+/*
+ * Authors: Dan Walsh <dwalsh at redhat.com>
+ * Authors: Thomas Liu <tliu at fedoraproject.org>
@@ -2137,6 +2138,7 @@ index ec692e7..7df3167 100644
#include <sys/wait.h>
#include <syslog.h>
#include <sys/mount.h>
++#include <glob.h>
#include <pwd.h>
-#define _GNU_SOURCE
#include <sched.h>
@@ -2164,7 +2166,7 @@ index ec692e7..7df3167 100644
#ifdef USE_NLS
#include <locale.h> /* for setlocale() */
#include <libintl.h> /* for gettext() */
-@@ -39,29 +45,47 @@
+@@ -39,29 +46,47 @@
#define MS_PRIVATE 1<<18
#endif
@@ -2225,7 +2227,7 @@ index ec692e7..7df3167 100644
*/
static int set_signal_handles(void)
{
-@@ -75,8 +99,8 @@ static int set_signal_handles(void)
+@@ -75,8 +100,8 @@ static int set_signal_handles(void)
(void)sigprocmask(SIG_SETMASK, &empty, NULL);
@@ -2236,7 +2238,7 @@ index ec692e7..7df3167 100644
perror("Unable to set SIGHUP handler");
return -1;
}
-@@ -84,23 +108,103 @@ static int set_signal_handles(void)
+@@ -84,23 +109,103 @@ static int set_signal_handles(void)
return 0;
}
@@ -2350,7 +2352,7 @@ index ec692e7..7df3167 100644
return 0;
}
-@@ -123,7 +227,7 @@ static int verify_shell(const char *shell_name)
+@@ -123,7 +228,7 @@ static int verify_shell(const char *shell_name)
/* check the shell skipping newline char */
if (!strcmp(shell_name, buf)) {
@@ -2359,7 +2361,7 @@ index ec692e7..7df3167 100644
break;
}
}
-@@ -131,45 +235,439 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +236,509 @@ static int verify_shell(const char *shell_name)
return rc;
}
@@ -2401,7 +2403,6 @@ index ec692e7..7df3167 100644
}
- if (verify_mount(dst, pwd) < 0)
-- return -1;
+ /* verify whether we mounted what we expected to mount */
+ if (verify_directory(dst, src_st, NULL) < 0) return -1;
+
@@ -2426,9 +2427,8 @@ index ec692e7..7df3167 100644
+
+ return 0;
+
- }
-
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
++
+/**
+ * Error logging used by cgroups code.
+ */
@@ -2630,6 +2630,80 @@ index ec692e7..7df3167 100644
+ return rc;
+}
+
++/*
++ This function returns 0 on success and -1 on failure.
++ The cmdbuf will contain the rsync command string to copy all files from
++ src dir to tmp. cmdbuf can be NULL if no files need to be compied;
++*/
++static int rsynccmd(const char * src, const char *dst, char **cmdbuf)
++{
++ char *buf = NULL;
++ char *newbuf = NULL;
++ glob_t fglob;
++ fglob.gl_offs = 0;
++ int flags = GLOB_DOOFFS | GLOB_TILDE;
++ unsigned int i = 0;
++ int rc = -1;
++
++ /* match glob for all files in src dir */
++ if (asprintf(&buf, "%s/*", src) == -1) {
++ fprintf(stderr, "Out of memory\n");
+ return -1;
++ }
++
++ if (glob(buf, flags, NULL, &fglob) < 0) {
++ free(buf); buf = NULL;
++ return -1;
++ }
++
++ free(buf); buf = NULL;
++
++ /* append match glob for all hidden files in src dir exclude . and .. */
++ if (asprintf(&buf, "%s/.[^.]*", src) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++
++ if (glob(buf, flags | GLOB_APPEND ,NULL, &fglob) < 0) {
++ goto err;
++ }
++
++ free(buf); buf = NULL;
++
++ for ( i=0; i < fglob.gl_pathc; i++) {
++ if (!buf) {
++ if (asprintf(&newbuf, "%s", fglob.gl_pathv[i]) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ } else {
++ if (asprintf(&newbuf, "%s %s", buf, fglob.gl_pathv[i]) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ }
++ free(buf); buf = newbuf;
++ newbuf = NULL;
++ }
++
++ if (buf) {
++ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s/'", buf, dst) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ *cmdbuf=newbuf;
++ }
++ else {
++ *cmdbuf=NULL;
++ }
++ rc = 0;
++
++err:
++ free(buf); buf = NULL;
++ globfree(&fglob);
++ return rc;
++}
++
+/**
+ * Clean up runtime temporary directory. Returns 0 if no problem was detected,
+ * >0 if some error was detected, but errors here are treated as non-fatal and
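Review bot: The paths returned by glob() are joined into the rsync command with bare spaces in the `for` loop of rsynccmd(), while only `dst` is wrapped in single quotes, so a file name under `src` that contains whitespace or shell metacharacters changes how the command is parsed. spawn_command() is outside this hunk; if it hands the string to a shell, each path needs single-quoting with embedded `'` escaped, or better, rsync should be executed with an argv array so that no shell parsing is involved. Separately, glob() returns 0 or a positive GLOB_* code and never a negative value, so both `< 0` checks are dead and GLOB_NOSPACE/GLOB_ABORTED go unnoticed; storing the result and testing `if (r != 0 && r != GLOB_NOMATCH)` would catch them while still allowing an empty directory. The header comment has the typo "compied" and does not say who frees `*cmdbuf`.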
@@ -2672,8 +2746,9 @@ index ec692e7..7df3167 100644
+ setfsuid(pwd->pw_uid);
+
+ return 0;
-+}
-+
+ }
+
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
+/**
+ * seunshare will create a tmpdir in /tmp, with root ownership. The parent
+ * process waits for it child to exit to attempt to remove the directory. If
@@ -2760,15 +2835,11 @@ index ec692e7..7df3167 100644
+ }
+ }
+
-+ /* copy files to the new temporary directory */
-+ /* XXX: when using -aHAXq args here, rsync tries to chmod/chown/...
-+ * /tmp/.sandbox-$USER-XXXXXX, --ignore-existing does not help */
-+ if (asprintf(&cmdbuf, "/usr/bin/rsync -trlHDq '%s/' '%s/'", src, tmpdir) == -1) {
-+ fprintf(stderr, _("Out of memory\n"));
-+ cmdbuf = NULL;
++ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
+ goto err;
+ }
-+ if (spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++
++ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
+ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
+ cleanup_tmpdir(tmpdir, src, pwd, 0);
+ goto err;
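Review bot: The rationale for the rsync flags is lost at this call site: the deleted XXX comment was the only explanation of why `-trlHDq` is used rather than `-aHAXq`, and the format string that now lives in rsynccmd() carries no comment. I would keep that explanation next to the format string, and add `/* cmdbuf is NULL when src has nothing to copy */` above the `cmdbuf &&` test so that skipping the copy reads as intentional. The enclosing function starts and ends outside this hunk.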
@@ -2814,7 +2885,7 @@ index ec692e7..7df3167 100644
{NULL, 0, 0, 0}
};
-@@ -180,6 +678,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +749,12 @@ int main(int argc, char **argv) {
return -1;
}
@@ -2827,7 +2898,7 @@ index ec692e7..7df3167 100644
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
perror(_("getpwduid failed"));
-@@ -187,34 +691,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +762,30 @@ int main(int argc, char **argv) {
}
if (verify_shell(pwd->pw_shell) < 0) {
@@ -2873,7 +2944,7 @@ index ec692e7..7df3167 100644
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +723,84 @@ int main(int argc, char **argv) {
+@@ -223,76 +794,84 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -3007,7 +3078,7 @@ index ec692e7..7df3167 100644
if (display)
rc |= setenv("DISPLAY", display, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +808,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +879,41 @@ int main(int argc, char **argv) {
rc |= setenv("USER", pwd->pw_name, 1);
rc |= setenv("LOGNAME", pwd->pw_name, 1);
rc |= setenv("PATH", DEFAULT_PATH, 1);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 3a9dda4..33be631 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
-Release: 23%{?dist}
+Release: 24%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
exit 0
%changelog
+* Fri Mar 18 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-24
+- Fix rsync command to work if the directory is old.
+- Fix all tests
+
* Wed Mar 16 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-23
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node