[krb5] Add a hackish attempt at a workaround for #961235
Nalin Dahyabhai
nalin at fedoraproject.org
Thu May 30 19:12:00 UTC 2013
commit dc293b3d84ef42a40b6e4a6ee56d24ee730cb8d6
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Thu May 30 12:26:42 2013 -0400
Add a hackish attempt at a workaround for #961235
Add a patch to create /run/user/0 if we're trying to resolve a
DIR: ccache somewhere below it and neither the target location
nor /run/user/0 exist yet.
The better workaround is to set the location's owner to "linger"
via logind, since even after we do what we're doing here, if
the user logs in and logs back out, our location is still removed.
krb5-1.11-run_user_0.patch | 34 ++++++++++++++++++++++++++++++++++
krb5.spec | 6 ++++++
2 files changed, 40 insertions(+), 0 deletions(-)
---
diff --git a/krb5-1.11-run_user_0.patch b/krb5-1.11-run_user_0.patch
new file mode 100644
index 0000000..6be760a
--- /dev/null
+++ b/krb5-1.11-run_user_0.patch
@@ -0,0 +1,34 @@
+A hack: if we're looking at creating a ccache directory directly below
+the /run/user/0 directory, and /run/user/0 doesn't exist, try to create
+it, too.
+
+--- krb5/src/lib/krb5/ccache/cc_dir.c
++++ krb5/src/lib/krb5/ccache/cc_dir.c
+@@ -61,6 +61,8 @@
+
+ #include <dirent.h>
+
++#define ROOT_SPECIAL_DCC_PARENT "/run/user/0"
++
+ extern const krb5_cc_ops krb5_dcc_ops;
+ extern const krb5_cc_ops krb5_fcc_ops;
+
+@@ -239,6 +241,18 @@
+
+ if (stat(dirname, &st) < 0) {
+ if (errno == ENOENT) {
++ if (strncmp(dirname, ROOT_SPECIAL_DCC_PARENT "/",
++ sizeof(ROOT_SPECIAL_DCC_PARENT)) == 0 &&
++ stat(ROOT_SPECIAL_DCC_PARENT, &st) < 0 &&
++ errno == ENOENT) {
++#ifdef USE_SELINUX
++ selabel = krb5int_push_fscreatecon_for(ROOT_SPECIAL_DCC_PARENT);
++#endif
++ status = mkdir(ROOT_SPECIAL_DCC_PARENT, S_IRWXU);
++#ifdef USE_SELINUX
++ krb5int_pop_fscreatecon(selabel);
++#endif
++ }
+ #ifdef USE_SELINUX
+ selabel = krb5int_push_fscreatecon_for(dirname);
+ #endif
diff --git a/krb5.spec b/krb5.spec
index 31cda69..9405d2a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -85,6 +85,7 @@ Patch125: krb5-1.11.2-skew1.patch
Patch126: krb5-1.11.2-skew2.patch
Patch127: krb5-master-test_gss_no_udp.patch
Patch128: krb5-master-test_no_pmap.patch
+Patch129: krb5-1.11-run_user_0.patch
# Patches for otp plugin backport
Patch201: krb5-1.11.2-keycheck.patch
@@ -312,6 +313,7 @@ ln -s NOTICE LICENSE
%patch126 -p1 -b .skew2
%patch127 -p1 -b .test_gss_no_udp
%patch128 -p1 -b .test_no_pmap
+%patch129 -p1 -b .run_user_0
%patch201 -p1 -b .keycheck
%patch202 -p1 -b .otp
@@ -840,6 +842,10 @@ exit 0
* Thu May 30 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-9
- don't forget to set the SELinux label when creating the directory for
a DIR: ccache
+- special-case /run/user/0, attempting to create it when resolving a
+ directory cache below it fails due to ENOENT and we find that it doesn't
+ already exist, either, before attempting to create the directory cache
+ (maybe helping, maybe just making things more confusing for #961235)
* Thu May 30 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.2-8
- pull in patches from master to not test GSSRPC-over-UDP and to not
More information about the scm-commits
mailing list