rpms/pam/devel pam-1.0.1-selinux-restore-execcon.patch, NONE, 1.1 pam.spec, 1.177, 1.178

Tomáš Mráz (tmraz) fedora-extras-commits at redhat.com
Tue Apr 22 19:48:46 UTC 2008 

Author: tmraz

Update of /cvs/pkgs/rpms/pam/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21500

Modified Files:
	pam.spec 
Added Files:
	pam-1.0.1-selinux-restore-execcon.patch 
Log Message:
* Tue Apr 22 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-2
- pam_selinux: restore execcon properly (#443667)


pam-1.0.1-selinux-restore-execcon.patch:

--- NEW FILE pam-1.0.1-selinux-restore-execcon.patch ---
diff -up Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c.restore-execcon Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c.restore-execcon	2008-03-20 18:06:32.000000000 +0100
+++ Linux-PAM-1.0.1/modules/pam_selinux/pam_selinux.c	2008-04-22 21:11:34.000000000 +0200
@@ -702,21 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh,
     free(ttyn);
     ttyn=NULL;
   }
-  if (prev_user_context) {
-    if (setexeccon(prev_user_context)) {
+
+  if (setexeccon(prev_user_context)) {
       pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
-	       prev_user_context);
+	       prev_user_context ? prev_user_context : "");
       if (security_getenforce() == 1)
          status = PAM_AUTH_ERR;
       else
          status = PAM_SUCCESS;
-    }
+  } else if (debug)
+      pam_syslog(pamh, LOG_NOTICE, "Executable context back to original");
+
+  if (prev_user_context) {
     freecon(prev_user_context);
     prev_user_context = NULL;
   }
 
-  if (debug)
-    pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
-
   return status;
 }


Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/devel/pam.spec,v
retrieving revision 1.177
retrieving revision 1.178
diff -u -r1.177 -r1.178
--- pam.spec	18 Apr 2008 08:43:42 -0000	1.177
+++ pam.spec	22 Apr 2008 19:48:10 -0000	1.178
@@ -5,7 +5,7 @@
 Summary: A security tool which provides authentication for applications
 Name: pam
 Version: 1.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@@ -26,6 +26,7 @@
 Patch2:  db-4.6.18-glibc.patch
 Patch4:  pam-0.99.8.1-dbpam.patch
 Patch10: pam-1.0.0-sepermit-screensaver.patch
+Patch11: pam-1.0.1-selinux-restore-execcon.patch
 Patch21: pam-0.99.10.0-unix-audit-failed.patch
 Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch32: pam-0.99.3.0-tally-fail-close.patch
@@ -102,6 +103,7 @@
 popd
 %patch4 -p1 -b .dbpam
 %patch10 -p1 -b .screensaver
+%patch11 -p1 -b .restore-execcon
 %patch21 -p1 -b .audit-failed
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
@@ -374,6 +376,9 @@
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Tue Apr 22 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-2
+- pam_selinux: restore execcon properly (#443667)
+
 * Fri Apr 18 2008 Tomas Mraz <tmraz at redhat.com> 1.0.1-1
 - upgrade to new upstream release (one bugfix only)
 - fix pam_sepermit use in screensavers

More information about the scm-commits mailing list