On Thu, 2010-05-20 at 07:15 -0400, Vadym Chepkov wrote: > Hi, > > Is there a way to make patch in Redhat SELinux compatible? > > # ls -Z php.php > -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php > > # patch -p1 < /root/php.patch > patching file php.php > > # ls -Z php.php > -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php https://bugzilla.redhat.com/show_bug.cgi?id=229329 But I had thought that this had been fixed in Fedora. Maybe not. I'd suggest filing a bug against Fedora for it. There is a patch-selinux.patch in the patch .src.rpm so it seems like they did support this functionality at one time, but perhaps it has broken again. Tip: Make sure you stop restorecond before testing, as otherwise it may interfere with the results.

On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov(a)gmail.com&gt; wrote: > Hi, > > Is there a way to make patch in Redhat SELinux compatible? > > # ls -Z php.php > -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php > > # patch -p1 < /root/php.patch > patching file php.php > > # ls -Z php.php > -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php Strange. For me this work as aspected, because patch first unlink php.php and after read /tmp/pxxxx and write php.php. Are you sure that the file context for your php.php was persistent (via semanage fscontext ) and not set via chcon ?

On Thu, 2010-05-20 at 08:22 -0400, Vadym Chepkov wrote: > On May 20, 2010, at 8:12 AM, yersinia wrote: > >> On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov(a)gmail.com&gt; wrote: >>> Hi, >>> >>> Is there a way to make patch in Redhat SELinux compatible? >>> >>> # ls -Z php.php >>> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php >>> >>> # patch -p1 < /root/php.patch >>> patching file php.php >>> >>> # ls -Z php.php >>> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php >> Strange. For me this work as aspected, because patch first unlink php.php and >> after read /tmp/pxxxx and write php.php. Are you sure that the file >> context for your php.php was persistent (via semanage fscontext ) and >> not set via chcon ? > > yes, I am sure. > and I never user 'semanage fcontext', I prefer local.fc > But in this case it's under /var/www, so it inherits default context. > > rpm -qlp patch-2.5.4-29.2.3.el5.src.rpm > patch-2.5-stderr.patch > patch-2.5.4-ifdef.patch > patch-2.5.4-program_name.patch > patch-2.5.4-sigsegv.patch > patch-2.5.4-suffix.patch > patch-2.5.4.tar.gz > patch-parse.patch > patch-posix-backup.patch > patch-stripcr.patch > patch.spec > > no selinux :( Hmmm...I ran the test case in that bug though and it still fails on F-12. Even with a -selinux patch in the .src.rpm.