rpms/dhcp/F-9 dhcp-4.0.0-selinux.patch, NONE, 1.1 dhcp.spec, 1.208, 1.209 dhcp-3.0.5-selinux.patch, 1.3, NONE

Sat May 17 00:21:56 UTC 2008

Author: dcantrel

Update of /cvs/pkgs/rpms/dhcp/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30520

Modified Files:
	dhcp.spec 
Added Files:
	dhcp-4.0.0-selinux.patch 
Removed Files:
	dhcp-3.0.5-selinux.patch 
Log Message:
* Fri May 16 2008 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-15
- Set close-on-exec on dhclient.leases for SELinux (#446632)


dhcp-4.0.0-selinux.patch:

--- NEW FILE dhcp-4.0.0-selinux.patch ---
diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c
--- dhcp-4.0.0//client/dhclient.c.selinux	2008-05-16 13:42:18.000000000 -1000
+++ dhcp-4.0.0//client/dhclient.c	2008-05-16 13:57:54.000000000 -1000
@@ -2908,6 +2908,11 @@ void rewrite_client_leases ()
 		return;
 	}
 
+	if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+		log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+		return;
+	}
+
 	/* If there is a default duid, write it out. */
 	if (default_duid.len != 0)
 		write_duid(&default_duid);
@@ -3011,6 +3016,10 @@ write_duid(struct data_string *duid)
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	/* It would make more sense to write this as a hex string,
@@ -3058,6 +3067,10 @@ write_client6_lease(struct client_state 
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	stat = fprintf(leaseFile, "lease6 {\n");
@@ -3161,6 +3174,10 @@ int write_client_lease (client, lease, r
 			log_error ("can't create %s: %m", path_dhclient_db);
 			return 0;
 		}
+		if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	errno = 0;


Index: dhcp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/F-9/dhcp.spec,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -r1.208 -r1.209
--- dhcp.spec	1 Apr 2008 20:29:33 -0000	1.208
+++ dhcp.spec	17 May 2008 00:21:12 -0000	1.209
@@ -4,7 +4,7 @@
 Summary:  DHCP (Dynamic Host Configuration Protocol) server and relay agent
 Name:     dhcp
 Version:  4.0.0
-Release:  14%{?dist}
+Release:  15%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -43,7 +43,8 @@
 Patch14:  %{name}-4.0.0-manpages.patch
 Patch15:  %{name}-4.0.0-paths.patch
 Patch16:  %{name}-4.0.0-NetworkManager-crash.patch
-Patch17:  %{name}-4.0.0-libdhcp4client.patch
+Patch17:  %{name}-4.0.0-selinux.patch
+Patch18:  %{name}-4.0.0-libdhcp4client.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@@ -187,9 +188,12 @@
 # Avoid crash when dhclient is run with NetworkManager
 %patch16 -p1
 
-# Add the libdhcp4client target (library version of dhclient)
+# Set close-on-exec for dhclient.leases for SELinux (#446632)
 %patch17 -p1
 
+# Add the libdhcp4client target (library version of dhclient)
+%patch18 -p1
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0644 %{SOURCE5} .
 %{__install} -p -m 0644 %{SOURCE6} doc/
@@ -418,6 +422,9 @@
 %{_libdir}/libdhcp4client.so
 
 %changelog
+* Fri May 16 2008 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-15
+- Set close-on-exec on dhclient.leases for SELinux (#446632)
+
 * Tue Apr 01 2008 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-14
 - Avoid dhclient crash when run via NetworkManager (#439796)
 


--- dhcp-3.0.5-selinux.patch DELETED ---


