[policycoreutils/f18] Rebuild without bogus prebuild 64 bit seunshare app
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Sep 26 15:02:00 UTC 2012
commit 9b101416efbb9316bd24e82408de3b9114afef13
Author: rhatdan <dwalsh at redhat.com>
Date: Wed Sep 26 11:01:56 2012 -0400
Rebuild without bogus prebuild 64 bit seunshare app
policycoreutils-rhat.patch | 113 ++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 113 insertions(+), 0 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4a0aaca..e072a95 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -650,6 +650,119 @@ index 5da2e0d..7c5bab0 100644
clean:
-rm -f $(TARGETS) *.o
+diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
+index 3bb3c4b..d16e331 100644
+--- a/policycoreutils/sandbox/seunshare.c
++++ b/policycoreutils/sandbox/seunshare.c
+@@ -31,6 +31,12 @@
+ #include <selinux/context.h> /* for context-mangling functions */
+ #include <dirent.h>
+
++
++/*
++ * Note setfsuid never returns an error code. But the compiler complains if
++ * I do not check, so I am checking for -1, which should never happen.
++ */
++
+ #ifdef USE_NLS
+ #include <locale.h> /* for setlocale() */
+ #include <libintl.h> /* for gettext() */
+@@ -617,12 +623,15 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src,
+ free(cmdbuf); cmdbuf = NULL;
+
+ /* remove runtime temporary directory */
+- setfsuid(0);
++ if (setfsuid(0) < 0)
++ rc++;
++
+ if (rmdir(tmpdir) == -1)
+ fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
+- setfsuid(pwd->pw_uid);
++ if (setfsuid(pwd->pw_uid) < 0)
++ rc++;
+
+- return 0;
++ return rc;
+ }
+
+ /**
+@@ -642,7 +651,9 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+
+ /* get selinux context */
+ if (execcon) {
+- setfsuid(pwd->pw_uid);
++ if (setfsuid(pwd->pw_uid) < 0)
++ goto err;
++
+ if ((fd_s = open(src, O_RDONLY)) < 0) {
+ fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
+ goto err;
+@@ -661,7 +672,8 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+ }
+
+ /* ok to not reach this if there is an error */
+- setfsuid(0);
++ if (setfsuid(0) < 0)
++ goto err;
+ }
+
+ if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
+@@ -716,14 +728,16 @@ static char *create_tmpdir(const char *src, struct stat *src_st,
+ }
+ }
+
+- setfsuid(pwd->pw_uid);
++ if (setfsuid(pwd->pw_uid) < 0)
++ goto err;
+
+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
+ goto err;
+ }
+
+ /* ok to not reach this if there is an error */
+- setfsuid(0);
++ if (setfsuid(0) < 0)
++ goto err;
+
+ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
+ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
+@@ -916,7 +930,8 @@ int main(int argc, char **argv) {
+ /* Changing fsuid is usually required when user-specified directory is
+ * on an NFS mount. It's also desired to avoid leaking info about
+ * existence of the files not accessible to the user. */
+- setfsuid(uid);
++ if (setfsuid(uid) < 0)
++ return -1;
+
+ /* verify homedir and tmpdir */
+ if (homedir_s && (
+@@ -925,7 +940,7 @@ int main(int argc, char **argv) {
+ if (tmpdir_s && (
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
+- setfsuid(0);
++ if (setfsuid(0) < 0) return -1;
+
+ /* create runtime tmpdir */
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
+@@ -959,7 +974,7 @@ int main(int argc, char **argv) {
+ }
+
+ /* assume fsuid==ruid after this point */
+- setfsuid(uid);
++ if (setfsuid(uid) < 0) goto childerr;
+
+ /* mount homedir and tmpdir, in this order */
+ if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir,
+@@ -1005,7 +1020,7 @@ int main(int argc, char **argv) {
+
+ /* selinux context */
+ if (execcon && setexeccon(execcon) != 0) {
+- fprintf(stderr, _("Could not set exec context to %s.\n"), execcon);
++ fprintf(stderr, _("Could not set exec context to %s. %s\n"), execcon, strerror(errno));
+ goto childerr;
+ }
+
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 989b1ae..19a4ff0 100755
--- a/policycoreutils/scripts/fixfiles
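Review bot: The `setfsuid(...) < 0` checks added to seunshare.c (in cleanup_tmpdir, create_tmpdir and main) cannot detect a failed switch, because setfsuid() returns the previous filesystem UID on both success and failure, as the new comment beside the includes itself concedes. In this privileged helper that matters most for the drops to `pwd->pw_uid` / `uid` before `open(src, O_RDONLY)`, `rsynccmd()` and the verify_directory() calls: if a drop silently fails, those steps would run with fsuid 0 and nothing would stop them. I would confirm each change by reading the fsuid back with a second call, `setfsuid(-1)`, which cannot change it, and comparing the result with the requested value, wrapped in one helper used at every call site, with the explanatory comment moved onto that helper. Separately, `rc++` in cleanup_tmpdir relies on a declaration of `rc` that is outside the hunk, and the rmdir() failure just below it still does not influence the return value; all three function bodies start or end outside the hunks shown.

```c
/*
 * setfsuid() only ever returns the previous fsuid, so a failed switch is
 * invisible in its return value. Read the current value back with a call
 * that cannot change it and compare against what was requested.
 */
static int set_fsuid_checked(uid_t uid)
{
	setfsuid(uid);
	if ((uid_t)setfsuid((uid_t)-1) != uid)
		return -1;
	return 0;
}

/* … unchanged: create_tmpdir up to the execcon branch … */
	if (set_fsuid_checked(pwd->pw_uid) < 0)
		goto err;
```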