[policycoreutils] Add umount code to seunshare to cleanup left over mounts of /var/tmp
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 22 19:00:04 UTC 2011
commit 65250077476416d407ea7292ff6454fc5a27961b
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Dec 22 18:59:59 2011 +0000
Add umount code to seunshare to cleanup left over mounts of /var/tmp
policycoreutils-rhat.patch | 69 ++++++++++++++++++++++++++++++++++---------
policycoreutils.spec | 15 +++++++--
2 files changed, 65 insertions(+), 19 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a544da3..f73410d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -63,27 +63,66 @@ index 89f5d97..dfd9629 100644
restore_init(&r_opts);
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
-index 9db766c..068e24c 100644
+index 9db766c..92034be 100644
--- a/policycoreutils/run_init/run_init.c
+++ b/policycoreutils/run_init/run_init.c
-@@ -414,10 +414,17 @@ int main(int argc, char *argv[])
- * execvp or using a exec(1) recycles pty's, and does not open a new
- * one.
- */
-+#ifdef USE_OPEN_INIT_PTY
- if (execvp("/usr/sbin/open_init_pty", argv)) {
- perror("execvp");
+@@ -406,6 +406,13 @@ int main(int argc, char *argv[])
+ new_context);
exit(-1);
}
-+#else
-+ if (execvp(argv[1], argv + 1)) {
-+ perror("execvp");
-+ exit(-1);
++ if (! access("/usr/sbin/open_init_pty", X_OK)) {
++ if (execvp(argv[1], argv + 1)) {
++ perror("execvp");
++ exit(-1);
++ }
++ return 0;
+ }
-+#endif
- return 0;
+ /*
+ * Do not execvp the command directly from run_init; since it would run
+ * under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
+diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
+index c493e98..0bc35f3 100644
+--- a/policycoreutils/sandbox/seunshare.c
++++ b/policycoreutils/sandbox/seunshare.c
+@@ -59,7 +59,7 @@ static int verbose = 0;
+ static int child = 0;
+
+ static capng_select_t cap_set = CAPNG_SELECT_BOTH;
+-
++static int var_tmp_mounted = 0;
+ /**
+ * This function will drop all capabilities.
+ */
+@@ -292,6 +292,8 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
+ fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
+ return -1;
+ }
++ var_tmp_mounted = 1;
++
+ if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
+ return -1;
+@@ -1031,12 +1033,18 @@ childerr:
+ exit(-1);
+ }
+
+- drop_caps();
+-
+ /* parent waits for child exit to do the cleanup */
+ waitpid(child, &status, 0);
+ status_to_retval(status, status);
+
++ if (var_tmp_mounted) {
++ /* attempt to umount /var/tmp twice on exit */
++ if (umount("/var/tmp") < 0) perror("umount /var/tmp");
++ if (umount("/var/tmp") < 0) perror("umount /var/tmp");
++ }
++
++ drop_caps();
++
+ /* Make sure all child processes exit */
+ kill(-child,SIGTERM);
- } /* main() */
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
index ab696a7..58b19cd 100644
--- a/policycoreutils/scripts/genhomedircon
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 85ba308..4cd2c09 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.10
-Release: 1%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -107,6 +107,10 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
+rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
+rm -f %{buildroot}/usr/sbin/open_init_pty
+
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
%{__mkdir} -p %{buildroot}%{_sysconfdir}/bash_completion.d/
@@ -267,7 +271,6 @@ rm -rf %{buildroot}
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_sbindir}/run_init
-%{_sbindir}/open_init_pty
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
@@ -285,8 +288,6 @@ rm -rf %{buildroot}
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
-%{_mandir}/man8/open_init_pty.8*
-%{_mandir}/ru/man8/open_init_pty.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/run_init.8*
@@ -355,6 +356,12 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Dec 22 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-3
+- Add umount code to seunshare to cleanup left over mounts of /var/tmp
+
+* Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-2
+- Remove open_init_pty
+
* Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-1
-Update to upstream
- sepolgen
More information about the scm-commits
mailing list