[libsemanage/f16] Add Stephen Smalley patch to make sure selinux config files are created with the correct permissions

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 20 19:42:02 UTC 2011 

commit 018c5c8f382e0c86b7526e4cf2f615c884235e96
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Oct 20 15:41:58 2011 -0400

    Add Stephen Smalley patch to make sure selinux config files are created with the correct permissions,
    ignoring the umask

 libsemanage-umask.patch |   30 ++++++++++++++++++++++++++++++
 libsemanage.spec        |    8 +++++++-
 2 files changed, 37 insertions(+), 1 deletions(-)
---
diff --git a/libsemanage-umask.patch b/libsemanage-umask.patch
new file mode 100644
index 0000000..b909686
--- /dev/null
+++ b/libsemanage-umask.patch
@@ -0,0 +1,30 @@
+diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
+index e322992..a223aa7 100644
+--- a/libsemanage/src/semanage_store.c
++++ b/libsemanage/src/semanage_store.c
+@@ -495,6 +495,7 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+ 	int in, out, retval = 0, amount_read, n, errsv = errno;
+ 	char tmp[PATH_MAX];
+ 	char buf[4192];
++	mode_t mask;
+ 
+ 	n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
+ 	if (n < 0 || n >= PATH_MAX)
+@@ -506,13 +507,16 @@ static int semanage_copy_file(const char *src, const char *dst, mode_t mode)
+ 
+ 	if (!mode)
+ 		mode = S_IRUSR | S_IWUSR;
+-
++	
++	mask = umask(0);
+ 	if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
++		umask(mask);
+ 		errsv = errno;
+ 		close(in);
+ 		retval = -1;
+ 		goto out;
+ 	}
++	umask(mask);
+ 	while (retval == 0 && (amount_read = read(in, buf, sizeof(buf))) > 0) {
+ 		if (write(out, buf, amount_read) < 0) {
+ 			errsv = errno;
diff --git a/libsemanage.spec b/libsemanage.spec
index 593dfd5..a23ac76 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -10,11 +10,12 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsemanage
 Version: 2.1.2
-Release: 1%{?dist}
+Release: 1.1%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: libsemanage-%{version}.tgz
 Patch: libsemanage-rhat.patch
+Patch1: libsemanage-umask.patch
 URL: http://oss.tresys.com/git/selinux.git
 Source1: semanage.conf
 
@@ -86,6 +87,7 @@ SELinux management applications.
 %prep
 %setup -q
 %patch -p2 -b .rhat
+%patch1 -p2 -b .umask
 
 %build
 # To support building the Python wrapper against multiple Python runtimes
@@ -179,6 +181,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif # if with_python3
 
 %changelog
+* Thu Oct 20 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.2-1.1
+- Add Stephen Smalley patch to make sure selinux config files are created with the correct permissions, 
+- ignoring the umask
+
 * Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.2-1
 -Update to upstream
 2.1.2 2011-08-17

More information about the scm-commits mailing list