[shadow-utils] report error to stdout when SELinux context for home directory
Tomáš Mráz
tmraz at fedoraproject.org
Fri Jun 14 13:27:33 UTC 2013
commit 32f6a7815739e283e02319ff3ce2e8c0d16e7697
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Jun 14 15:27:20 2013 +0200
report error to stdout when SELinux context for home directory
cannot be determined (#973647)
- audit the changing home directory owner (#885797)
- do not set the default SELinux MLS range (#852676)
shadow-4.1.5.1-audit-owner.patch | 32 ++++++++++++++++++++++++++++++++
shadow-4.1.5.1-default-range.patch | 35 +++++++++++++++++++++++++++++++++++
shadow-4.1.5.1-errmsg.patch | 23 +++++++++++++++++++++++
shadow-utils.spec | 15 ++++++++++++++-
4 files changed, 104 insertions(+), 1 deletions(-)
---
diff --git a/shadow-4.1.5.1-audit-owner.patch b/shadow-4.1.5.1-audit-owner.patch
new file mode 100644
index 0000000..6fbbdbf
--- /dev/null
+++ b/shadow-4.1.5.1-audit-owner.patch
@@ -0,0 +1,32 @@
+diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
+--- shadow-4.1.5.1/src/usermod.c.audit 2011-11-21 23:02:16.000000000 +0100
++++ shadow-4.1.5.1/src/usermod.c 2013-06-14 14:54:20.237026550 +0200
+@@ -1513,6 +1513,14 @@ static void move_home (void)
+ fail_exit (E_HOMEDIR);
+ }
+
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
++
+ if (rename (user_home, user_newhome) == 0) {
+ /* FIXME: rename above may have broken symlinks
+ * pointing to the user's home directory
+@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
+ * ownership.
+ *
+ */
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
+ if (chown_tree (dflg ? user_newhome : user_home,
+ user_id,
+ uflg ? user_newid : (uid_t)-1,
diff --git a/shadow-4.1.5.1-default-range.patch b/shadow-4.1.5.1-default-range.patch
new file mode 100644
index 0000000..45c677a
--- /dev/null
+++ b/shadow-4.1.5.1-default-range.patch
@@ -0,0 +1,35 @@
+diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
+--- shadow-4.1.5.1/lib/semanage.c.default-range 2012-01-08 17:35:44.000000000 +0100
++++ shadow-4.1.5.1/lib/semanage.c 2013-06-14 15:14:51.970237594 +0200
+@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
+ goto done;
+ }
+
++#if 0
+ ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+ if (ret != 0) {
+ fprintf (stderr,
+@@ -150,6 +151,7 @@ static int semanage_user_mod (semanage_h
+ ret = 1;
+ goto done;
+ }
++#endif
+
+ ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
+ if (ret != 0) {
+@@ -200,6 +202,7 @@ static int semanage_user_add (semanage_h
+ goto done;
+ }
+
++#if 0
+ ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+ if (ret != 0) {
+ fprintf (stderr,
+@@ -208,6 +211,7 @@ static int semanage_user_add (semanage_h
+ ret = 1;
+ goto done;
+ }
++#endif
+
+ ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
+ if (ret != 0) {
diff --git a/shadow-4.1.5.1-errmsg.patch b/shadow-4.1.5.1-errmsg.patch
new file mode 100644
index 0000000..6f3a1d2
--- /dev/null
+++ b/shadow-4.1.5.1-errmsg.patch
@@ -0,0 +1,23 @@
+diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
+--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
++++ shadow-4.1.5.1/src/useradd.c 2013-06-14 14:22:59.529661095 +0200
+@@ -1760,6 +1760,9 @@ static void create_home (void)
+ if (access (user_home, F_OK) != 0) {
+ #ifdef WITH_SELINUX
+ if (set_selinux_file_context (user_home, NULL) != 0) {
++ fprintf (stderr,
++ _("%s: cannot set SELinux context for home directory %s\n"),
++ Prog, user_home);
+ fail_exit (E_HOMEDIR);
+ }
+ #endif
+@@ -1789,6 +1792,9 @@ static void create_home (void)
+ #ifdef WITH_SELINUX
+ /* Reset SELinux to create files with default contexts */
+ if (reset_selinux_file_context () != 0) {
++ fprintf (stderr,
++ _("%s: cannot reset SELinux file creation context\n"),
++ Prog);
+ fail_exit (E_HOMEDIR);
+ }
+ #endif
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 2b214d3..a7b86c6 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.1.5.1
-Release: 5%{?dist}
+Release: 6%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
@@ -18,6 +18,10 @@ Patch8: shadow-4.1.5.1-backup-mode.patch
Patch9: shadow-4.1.5.1-merge-group.patch
Patch10: shadow-4.1.5.1-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch
+Patch12: shadow-4.1.5.1-errmsg.patch
+Patch13: shadow-4.1.5.1-audit-owner.patch
+Patch14: shadow-4.1.5.1-default-range.patch
+
License: BSD and GPLv2+
Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1
@@ -56,6 +60,9 @@ are used for managing group accounts.
%patch9 -p1 -b .merge-group
%patch10 -p1 -b .orig-context
%patch11 -p1 -b .logmsg
+%patch12 -p1 -b .errmsg
+%patch13 -p1 -b .audit-owner
+%patch14 -p1 -b .default-range
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -209,6 +216,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
+* Fri Jun 14 2013 Tomas Mraz <tmraz at redhat.com> - 2:4.1.5.1-6
+- report error to stdout when SELinux context for home directory
+ cannot be determined (#973647)
+- audit the changing home directory owner (#885797)
+- do not set the default SELinux MLS range (#852676)
+
* Tue Mar 19 2013 Tomas Mraz <tmraz at redhat.com> - 2:4.1.5.1-5
- improve the failure syslog message in useradd (#830617)
More information about the scm-commits
mailing list