[openssh] - Tweaking selabel batch to work properly without selinux rules loaded. (#632914)

Jan F. Chadima jfch2222 at fedoraproject.org
Mon Sep 13 08:27:13 UTC 2010 

commit 93909d91af4467b3908e435cbeff6bb67dbafb1f
Author: Jan F <jfch at hagar.bobr>
Date:   Mon Sep 13 10:26:50 2010 +0200

    - Tweaking selabel batch to work properly without selinux rules loaded. (#632914)

 openssh-5.6p1-selabel.patch |    8 +++++---
 openssh.spec                |    5 ++++-
 2 files changed, 9 insertions(+), 4 deletions(-)
---
diff --git a/openssh-5.6p1-selabel.patch b/openssh-5.6p1-selabel.patch
index 459164f..1cdc7d5 100644
--- a/openssh-5.6p1-selabel.patch
+++ b/openssh-5.6p1-selabel.patch
@@ -33,7 +33,7 @@ diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
-@@ -848,10 +849,15 @@ main(int ac, char **av)
+@@ -848,10 +849,17 @@ main(int ac, char **av)
  	 */
  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
@@ -41,8 +41,10 @@ diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
 +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 +		char *scon;
 +
-+		matchpathcon(buf, 0700, &scon);
-+		setfscreatecon(scon);
++		if (matchpathcon(buf, 0700, &scon) != -1) {
++			setfscreatecon(scon);
++			matchpathcon_fini();
++		}
  		if (mkdir(buf, 0700) < 0)
  			error("Could not create directory '%.200s'.", buf);
 -
diff --git a/openssh.spec b/openssh.spec
index b1ad3c7..8692a3d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 3
+%define openssh_rel 4
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 27
 
@@ -581,6 +581,9 @@ fi
 %endif
 
 %changelog
+* Mon Sep 13 2010 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-4 + 0.9.2-27
+- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
+
 * Wed Sep  8 2010 Tomas Mraz <tmraz at redhat.com> - 5.6p1-3 + 0.9.2-27
 - Make fipscheck hmacs compliant with FHS - requires new fipscheck

More information about the scm-commits mailing list