[policycoreutils] A couple of minor coverity fixes for a potential leaked file descriptor An an unchecked return code.
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Oct 28 20:47:44 UTC 2011
commit 2392ca148334b046663382e91327dc56f438aa24
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Oct 28 16:47:40 2011 -0400
A couple of minor coverity fixes for a potential leaked file descriptor
And an unchecked return code.
Add ~/.local/share/* to restorecond_user watches
policycoreutils-rhat.patch | 63 ++++++++++++++++++++++++++-----------------
policycoreutils.spec | 7 ++++-
2 files changed, 44 insertions(+), 26 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 8b4bd09..db02944 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -221,7 +221,7 @@ index 4952632..89f5d97 100644
-#define EVENT_SIZE (sizeof (struct inotify_event))
-/* reasonable guess as to size of 1024 events */
-#define BUF_LEN (1024 * (EVENT_SIZE + 16))
-
+-
-static int debug_mode = 0;
-static int verbose_mode = 0;
-
@@ -248,11 +248,7 @@ index 4952632..89f5d97 100644
- return 0;
- return (strcmp(rest_a, rest_b) == 0);
-}
-+static char *server_watch_file = "/etc/selinux/restorecond.conf";
-+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-+static struct restore_opts r_opts;
-
+-
-/*
- A file was in a direcroty has been created. This function checks to
- see if it is one that we are watching.
@@ -428,9 +424,13 @@ index 4952632..89f5d97 100644
- FILE *cfg = NULL;
- if (debug_mode)
- printf("Read Config\n");
--
+
- watch_list_free(fd);
--
++static char *server_watch_file = "/etc/selinux/restorecond.conf";
++static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
++static struct restore_opts r_opts;
+
- cfg = fopen(watch_file_path, "r");
- if (!cfg)
- exitApp("Error reading config file.");
@@ -479,22 +479,22 @@ index 4952632..89f5d97 100644
- if (event->len)
- watch_list_find(event->wd, event->name);
- break;
--
++#include <selinux/selinux.h>
+
- case 1: /* utmp has changed need to reload */
- read_config(fd);
- break;
-+#include <selinux/selinux.h>
++int debug_mode = 0;
++int terminate = 0;
++int master_wd = -1;
++int run_as_user = 0;
- default: /* No users logged in or out */
- break;
- }
- }
- }
-+int debug_mode = 0;
-+int terminate = 0;
-+int master_wd = -1;
-+int run_as_user = 0;
-
+-
- i += EVENT_SIZE + event->len;
- }
- return 0;
@@ -773,10 +773,10 @@ index b966db6..775c52b 100644
-
diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf
new file mode 100644
-index 0000000..e0c2871
+index 0000000..b4debed
--- /dev/null
+++ b/policycoreutils/restorecond/restorecond_user.conf
-@@ -0,0 +1,7 @@
+@@ -0,0 +1,8 @@
+~/*
+~/public_html/*
+~/.gnome2/*
@@ -784,6 +784,7 @@ index 0000000..e0c2871
+~/.fonts/*
+~/.cache/*
+~/.config/*
++~/.local/share/*
diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
new file mode 100644
index 0000000..4257058
@@ -1362,6 +1363,18 @@ index 4764987..924999d 100644
-mkdir -p $(SBINDIR)
install -m 4755 seunshare $(SBINDIR)/
-mkdir -p $(SHAREDIR)
+diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
+index d1ccdc2..11c391c 100644
+--- a/policycoreutils/sandbox/sandbox.init
++++ b/policycoreutils/sandbox/sandbox.init
+@@ -19,6 +19,7 @@
+ #
+
+ # Source function library.
++. /etc/init.d/functions
+
+ LOCKFILE=/var/lock/subsys/sandbox
+
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index a52b6f1..c493e98 100644
--- a/policycoreutils/sandbox/seunshare.c
@@ -1468,10 +1481,10 @@ index 0000000..e15a877
+ rm -rf build *~
diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c
new file mode 100644
-index 0000000..2ba4870
+index 0000000..023b8f4
--- /dev/null
+++ b/policycoreutils/semanage/default_encoding/default_encoding.c
-@@ -0,0 +1,59 @@
+@@ -0,0 +1,57 @@
+/*
+ * Authors:
+ * John Dennis <jdennis at redhat.com>
@@ -1526,10 +1539,8 @@ index 0000000..2ba4870
+PyMODINIT_FUNC
+initdefault_encoding_utf8(void)
+{
-+ PyObject* m;
-+
+ PyUnicode_SetDefaultEncoding("utf-8");
-+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
++ Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
+}
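Review bot: Both C-API calls in `initdefault_encoding_utf8` now discard their results, so a failure of `PyUnicode_SetDefaultEncoding("utf-8")` would go unnoticed and the module would still import as if the default encoding had been forced. Dropping the unused `m` silences the unused-value finding but leaves the return code unchecked. I would write `if (PyUnicode_SetDefaultEncoding("utf-8") < 0) return;` so the import fails with the pending exception, and `(void)Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");` to mark that discard as deliberate.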
diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py
new file mode 100644
@@ -1949,7 +1960,7 @@ index f84cd7e..3565f5e 100644
indent:
../../scripts/Lindent $(wildcard *.[ch])
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index ce44c04..f08f8e5 100644
+index ce44c04..373c9b9 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -1,5 +1,6 @@
@@ -1982,12 +1993,14 @@ index ce44c04..f08f8e5 100644
if (!r_opts->hnd) {
perror(r_opts->selabel_opt_path);
exit(1);
-@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent)
+@@ -103,9 +104,8 @@ static int match(const char *name, struct stat *sb, char **con)
+ static int restore(FTSENT *ftsent)
{
char *my_file = strdupa(ftsent->fts_path);
- int ret;
+- int ret;
- char *context, *newcon;
- int user_only_changed = 0;
++ int ret = -1;
+ security_context_t curcon = NULL, newcon = NULL;
if (match(my_file, ftsent->fts_statp, &newcon) < 0)
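Review bot: `strdupa(ftsent->fts_path)` at the top of `restore()` copies the path onto the stack with no length bound, and an fts walk over a deeply nested tree can produce paths well beyond PATH_MAX, so relabeling an untrusted directory tree could exhaust the stack. The change visible here touches the `ret` declaration (`int ret = -1;`) but keeps this line. A heap copy, `char *my_file = strdup(ftsent->fts_path);` with a NULL check and a `free(my_file)` on every exit, would turn that case into an ordinary allocation failure. The rest of `restore()` lies outside this hunk, so the exit paths that would need the `free` cannot be confirmed from here.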
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 53a412b..423167e 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.7
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,11 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Fri Oct 28 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.7-5
+- A couple of minor coverity fixes for a potential leaked file descriptor
+- An an unchecked return code.
+- Add ~/.local/share/* to restorecond_user watches
+
* Thu Oct 13 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.7-4
- Have sepolgen return name field in AVC