[gnome-keyring/f15/master] Update the pam module selinux patch
Tomas Bzatek
tbzatek at fedoraproject.org
Tue Mar 15 16:40:27 UTC 2011
commit 90d4af20f515c6a212758312cbe2ed67a275e32d
Author: Tomas Bzatek <tbzatek at redhat.com>
Date: Tue Mar 15 17:40:23 2011 +0100
Update the pam module selinux patch
gnome-keyring-2.91.93-pam-selinux.patch | 48 ++++++++++++++++++-------------
gnome-keyring.spec | 7 +++-
2 files changed, 33 insertions(+), 22 deletions(-)
---
diff --git a/gnome-keyring-2.91.93-pam-selinux.patch b/gnome-keyring-2.91.93-pam-selinux.patch
index ef1676c..ae05fa5 100644
--- a/gnome-keyring-2.91.93-pam-selinux.patch
+++ b/gnome-keyring-2.91.93-pam-selinux.patch
@@ -1,37 +1,33 @@
diff --git a/configure.in b/configure.in
-index a5a434d..8294028 100644
+index a5a434d..1d3801e 100644
--- a/configure.in
+++ b/configure.in
-@@ -572,6 +572,28 @@ AC_SUBST(GCOV)
+@@ -572,6 +572,24 @@ AC_SUBST(GCOV)
AC_SUBST(GENHTML)
# ----------------------------------------------------------------------
+# selinux
++
++LIBSELINUX=""
++selinux_status="no"
+AC_ARG_ENABLE([selinux],
-+ AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
-+ WITH_SELINUX=$enableval, WITH_SELINUX=yes)
-+if test "$WITH_SELINUX" == "yes" ; then
-+ AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="")
-+ selinux_status="yes"
-+else
-+ LIBSELINUX=""
-+ selinux_status="no"
++ AC_HELP_STRING([--disable-selinux],[do not use SELinux]))
++if test "x$enable_selinux" != "xno"; then
++ AC_CHECK_LIB([selinux],[getfilecon],
++ [AC_CHECK_LIB([selinux],[setexeccon],
++ [AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
++ LIBSELINUX="-lselinux"
++ selinux_status="yes"])
++ ])
+fi
+AC_SUBST(LIBSELINUX)
+AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
-+if test ! -z "$LIBSELINUX" ; then
-+ AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
-+ BACKUP_LIBS=$LIBS
-+ LIBS="$LIBS $LIBSELINUX"
-+ AC_CHECK_FUNCS(setexeccon)
-+ LIBS=$BACKUP_LIBS
-+fi
+
+# ----------------------------------------------------------------------
# Valgrind
AC_ARG_ENABLE(valgrind,
-@@ -742,6 +764,7 @@ echo
+@@ -742,6 +760,7 @@ echo
echo "OPTIONAL DEPENDENCIES"
echo " PAM: $pam_status"
echo " Linux capabilities: $libcapng_status"
@@ -39,8 +35,20 @@ index a5a434d..8294028 100644
echo
echo "CONFIGURATION"
echo " SSH Agent: $ssh_status"
+diff --git a/pam/Makefile.am b/pam/Makefile.am
+index 81bda13..2e6362d 100644
+--- a/pam/Makefile.am
++++ b/pam/Makefile.am
+@@ -16,6 +16,7 @@ pam_gnome_keyring_la_LIBADD = \
+ $(top_builddir)/egg/libegg-buffer.la \
+ $(top_builddir)/egg/libegg-creds.la \
+ $(top_builddir)/egg/libegg-secure.la \
++ $(LIBSELINUX) \
+ -lpam
+
+ pam_gnome_keyring_la_LDFLAGS = \
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
-index e63c917..2e2e765 100644
+index e63c917..8ad814c 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -317,6 +317,36 @@ cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status)
@@ -63,7 +71,7 @@ index e63c917..2e2e765 100644
+
+ ret = getfilecon(command, &fcon);
+ if (ret < 0) goto err;
-+
++
+ ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
+ if (ret < 0) goto err;
+
diff --git a/gnome-keyring.spec b/gnome-keyring.spec
index 5aed3f3..db805e5 100644
--- a/gnome-keyring.spec
+++ b/gnome-keyring.spec
@@ -8,7 +8,7 @@
Summary: Framework for managing passwords and other secrets
Name: gnome-keyring
Version: 2.91.92
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries
#VCS: git:git://git.gnome.org/gnome-keyring
@@ -36,6 +36,7 @@ BuildRequires: libtasn1-tools
BuildRequires: libgnome-keyring-devel >= %{libgnome-keyring_version}
BuildRequires: gtk-doc
BuildRequires: libcap-ng-devel
+BuildRequires: libselinux-devel
# for smooth transition since the core was split
Requires: libgnome-keyring >= %{libgnome-keyring_version}
@@ -80,7 +81,6 @@ autoreconf -i -f
%configure --disable-gtk-doc \
--with-pam-dir=/%{_lib}/security \
- --disable-acl-prompts \
--enable-pam \
--with-gtk=3.0
@@ -148,6 +148,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas
%changelog
+* Tue Mar 15 2011 Tomas Bzatek <tbzatek at redhat.com> - 2.91.92-3
+- Update the pam module selinux patch
+
* Tue Mar 15 2011 Tomas Bzatek <tbzatek at redhat.com> - 2.91.92-2
- Set correct SELinux context of daemon started from the pam module (#684225)
More information about the scm-commits
mailing list