[policycoreutils] Rebuild without bogus prebuild 64 bit seunshare app

Daniel J Walsh dwalsh at fedoraproject.org
Wed Sep 26 14:59:18 UTC 2012


commit 12a6440402e0d82f4d92a08abafb4e9ed1607cd6
Author: rhatdan <dwalsh at redhat.com>
Date:   Wed Sep 26 10:59:14 2012 -0400

    Rebuild without bogus prebuild 64 bit seunshare app

 policycoreutils-rhat.patch |  113 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 113 insertions(+), 0 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4a0aaca..e072a95 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -650,6 +650,119 @@ index 5da2e0d..7c5bab0 100644
  
  clean:
  	-rm -f $(TARGETS) *.o 
+diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
+index 3bb3c4b..d16e331 100644
+--- a/policycoreutils/sandbox/seunshare.c
++++ b/policycoreutils/sandbox/seunshare.c
+@@ -31,6 +31,12 @@
+ #include <selinux/context.h>	/* for context-mangling functions */
+ #include <dirent.h>
+ 
++
++/*
++ * Note setfsuid never returns an error code.  But the compiler complains if 
++ * I do not check, so I am checking for -1, which should never happen.
++ */
++
+ #ifdef USE_NLS
+ #include <locale.h>		/* for setlocale() */
+ #include <libintl.h>		/* for gettext() */
+@@ -617,12 +623,15 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src,
+ 	free(cmdbuf); cmdbuf = NULL;
+ 
+ 	/* remove runtime temporary directory */
+-	setfsuid(0);
++	if (setfsuid(0) < 0) 
++		rc++;
++
+ 	if (rmdir(tmpdir) == -1)
+ 		fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
+-	setfsuid(pwd->pw_uid);
++	if (setfsuid(pwd->pw_uid) < 0) 
++		rc++;
+ 
+-	return 0;
++	return rc;
+ }
+ 
+ /**
+@@ -642,7 +651,9 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+ 
+ 	/* get selinux context */
+ 	if (execcon) {
+-		setfsuid(pwd->pw_uid);
++		if (setfsuid(pwd->pw_uid) < 0) 
++			goto err;
++
+ 		if ((fd_s = open(src, O_RDONLY)) < 0) {
+ 			fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
+ 			goto err;
+@@ -661,7 +672,8 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+ 		}
+ 
+ 		/* ok to not reach this if there is an error */
+-		setfsuid(0);
++		if (setfsuid(0) < 0) 
++			goto err;
+ 	}
+ 
+ 	if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
+@@ -716,14 +728,16 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+ 		}
+ 	}
+ 
+-	setfsuid(pwd->pw_uid);
++	if (setfsuid(pwd->pw_uid) < 0) 
++		goto err;
+ 
+ 	if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
+ 		goto err;
+ 	}
+ 
+ 	/* ok to not reach this if there is an error */
+-	setfsuid(0);
++	if (setfsuid(0) < 0) 
++		goto err;
+ 
+ 	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
+ 		fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
+@@ -916,7 +930,8 @@ int main(int argc, char **argv) {
+ 	/* Changing fsuid is usually required when user-specified directory is
+ 	 * on an NFS mount.  It's also desired to avoid leaking info about
+ 	 * existence of the files not accessible to the user. */
+-	setfsuid(uid);
++	if (setfsuid(uid) < 0) 
++		return -1;
+ 
+ 	/* verify homedir and tmpdir */
+ 	if (homedir_s && (
+@@ -925,7 +940,7 @@ int main(int argc, char **argv) {
+ 	if (tmpdir_s && (
+ 		verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+ 		check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
+-	setfsuid(0);
++	if (setfsuid(0) < 0) return -1;
+ 
+ 	/* create runtime tmpdir */
+ 	if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
+@@ -959,7 +974,7 @@ int main(int argc, char **argv) {
+ 		}
+ 
+ 		/* assume fsuid==ruid after this point */
+-		setfsuid(uid);
++		if (setfsuid(uid) < 0) goto childerr;
+ 
+ 		/* mount homedir and tmpdir, in this order */
+ 		if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir,
+@@ -1005,7 +1020,7 @@ int main(int argc, char **argv) {
+ 
+ 		/* selinux context */
+ 		if (execcon && setexeccon(execcon) != 0) {
+-			fprintf(stderr, _("Could not set exec context to %s.\n"), execcon);
++			fprintf(stderr, _("Could not set exec context to %s. %s\n"), execcon, strerror(errno));
+ 			goto childerr;
+ 		}
+ 
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
 index 989b1ae..19a4ff0 100755
 --- a/policycoreutils/scripts/fixfiles
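Review bot: The `setfsuid(...) < 0` checks added to seunshare.c (in cleanup_tmpdir, create_tmpdir and main) cannot detect a failed switch, because setfsuid() returns the previous filesystem UID on both success and failure, as the comment added near the includes itself concedes. main's own comment says the fsuid change is what avoids leaking information about files the user cannot access, so a switch that silently fails would presumably leave the directory verification and the create_tmpdir steps running with the old fsuid. The setfsuid(2) man page describes how to verify: follow up with `setfsuid(-1)`, which changes nothing and returns the current value. A small helper doing that could replace each bare check. Separately, in cleanup_tmpdir only the setfsuid results feed `rc`, so a failed rmdir() does not by itself change the return value. All three functions continue outside these hunks, so the fsuid state at `err:` and `childerr:` should be confirmed there.

```c
/* setfsuid() reports no errors; setfsuid(-1) changes nothing and returns the current fsuid. */
static int set_fsuid_checked(uid_t uid)
{
	if (setfsuid(uid) < 0 || (uid_t)setfsuid(-1) != uid)
		return -1;
	return 0;
}

/* … unchanged: cleanup_tmpdir up to the rmdir step … */
	if (set_fsuid_checked(0) < 0)
		rc++;
```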

