[policycoreutils/f13/master] rsynccmd should run outside of execcon

Daniel J Walsh dwalsh at fedoraproject.org
Tue Mar 29 18:28:32 UTC 2011


commit 299b50a55d97e3506fd9d086d31f2bf5d8f22e4e
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Mar 29 14:28:26 2011 -0400

    rsynccmd should run outside of execcon

 policycoreutils-rhat.patch |   25 +++++++++++++++----------
 policycoreutils.spec       |    7 +++++--
 2 files changed, 20 insertions(+), 12 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index d39c16f..bf063e5 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2237,7 +2237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +.I Thomas Liu <tliu at fedoraproject.org>
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c	2010-06-16 08:04:12.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/seunshare.c	2011-03-24 17:53:45.207410252 -0400
++++ policycoreutils-2.0.83/sandbox/seunshare.c	2011-03-29 14:27:05.755938173 -0400
 @@ -1,28 +1,35 @@
 +/*
 + * Authors: Dan Walsh <dwalsh at redhat.com>
@@ -2474,7 +2474,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  			break;
  		}
  	}
-@@ -131,45 +236,520 @@
+@@ -131,45 +236,525 @@
  	return rc;
  }
  
@@ -2907,10 +2907,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +			goto err;
 +		}
 +
-+		if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
-+			goto err;
-+		}
-+
 +		/* ok to not reach this if there is an error */
 +		setfsuid(0);
 +	}
@@ -2963,6 +2959,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +		}
 +	}
 +
++	setfsuid(pwd->pw_uid);
++
++	if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
++		goto err;
++	}
++
++	/* ok to not reach this if there is an error */
++	setfsuid(0);
++
 +	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
 +		fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
 +		cleanup_tmpdir(tmpdir, src, pwd, 0);
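Review bot: The `setfsuid(pwd->pw_uid)` added ahead of the relocated `rsynccmd()` call is never verified, and setfsuid() has no error return, so a switch that does not take effect would let `rsynccmd` walk the user-controlled `src` with the filesystem uid still at 0 (the later `setfsuid(0)` suggests the process runs with root privileges). Because the call returns the previous fsuid, a second call can confirm the switch: `if (setfsuid(pwd->pw_uid) != (int)pwd->pw_uid) goto err;`. The `goto err` path also leaves the fsuid at the user's value; the comment says this is intended, but the `err:` label is outside this hunk, so it is worth confirming that nothing reached from there needs fsuid 0. The enclosing function begins and ends outside the hunk.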
@@ -3009,7 +3014,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  		{NULL, 0, 0, 0}
  	};
  
-@@ -180,6 +760,12 @@
+@@ -180,6 +765,12 @@
  		return -1;
  	}
  
@@ -3022,7 +3027,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	struct passwd *pwd=getpwuid(uid);
  	if (!pwd) {
  		perror(_("getpwduid failed"));
-@@ -187,34 +773,30 @@
+@@ -187,34 +778,30 @@
  	}
  
  	if (verify_shell(pwd->pw_shell) < 0) {
@@ -3068,7 +3073,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  			break;
  		default:
  			fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +805,84 @@
+@@ -223,76 +810,84 @@
  	}
  
  	if (! homedir_s && ! tmpdir_s) {
@@ -3201,7 +3206,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  		if (display) 
  			rc |= setenv("DISPLAY", display, 1);
  		rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +890,41 @@
+@@ -300,22 +895,41 @@
  		rc |= setenv("USER", pwd->pw_name, 1);
  		rc |= setenv("LOGNAME", pwd->pw_name, 1);
  		rc |= setenv("PATH", DEFAULT_PATH, 1);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index b9f4fb2..a8125a6 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 33.7%{?dist}
+Release: 33.8%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -316,7 +316,10 @@ fi
 exit 0
 
 %changelog
-* Thu Mar 24 2011 Dan Walsh <dwalsh at redhat.com> 2.0.83-33.5
+* Tue Mar 29 2011 Dan Walsh <dwalsh at redhat.com> 2.0.83-33.8
+- rsynccmd should run outside of execcon
+
+* Thu Mar 24 2011 Dan Walsh <dwalsh at redhat.com> 2.0.83-33.7
 - More fixes for seunshare
 
 * Fri Mar 18 2011 Dan Walsh <dwalsh at redhat.com> 2.0.83-33.5

