[strongswan] #903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random
Pavel Šimerda
pavlix at fedoraproject.org
Wed Feb 19 09:29:36 UTC 2014
commit b97f57cef970bac0c5ca8a4a335b6b269cdc146f
Author: Pavel Šimerda <psimerda at redhat.com>
Date: Wed Feb 19 10:15:54 2014 +0100
#903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random
strongswan-5.1.1-selinux.patch | 26 ++++++++++++++++++++++++++
strongswan.spec | 7 ++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/strongswan-5.1.1-selinux.patch b/strongswan-5.1.1-selinux.patch
new file mode 100644
index 0000000..e599099
--- /dev/null
+++ b/strongswan-5.1.1-selinux.patch
@@ -0,0 +1,26 @@
+diff --git a/src/charon/charon.c b/src/charon/charon.c
+index 089ac45..b644977 100644
+--- a/src/charon/charon.c
++++ b/src/charon/charon.c
+@@ -226,7 +226,7 @@ static bool check_pidfile()
+ }
+
+ /* create new pidfile */
+- pidfile = fopen(PID_FILE, "w");
++ pidfile = fopen(PID_FILE, "we");
+ if (pidfile)
+ {
+ ignore_result(fchown(fileno(pidfile),
+diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
+index 1f10792..c79e87a 100644
+--- a/src/libstrongswan/plugins/random/random_plugin.c
++++ b/src/libstrongswan/plugins/random/random_plugin.c
+@@ -83,7 +83,7 @@ bool random_plugin_get_strong_equals_true()
+ */
+ static bool open_dev(char *file, int *fd)
+ {
+- *fd = open(file, O_RDONLY);
++ *fd = open(file, O_RDONLY | O_CLOEXEC);
+ if (*fd == -1)
+ {
+ DBG1(DBG_LIB, "opening \"%s\" failed: %s", file, strerror(errno));
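Review bot: Only the two descriptors touched here get close-on-exec, the pidfile in `check_pidfile()` and the device opened in `open_dev()`, so any other descriptor the daemon opens without that flag would presumably still be inherited by programs it executes, such as the xtables-multi process named in the bug. The rest of the daemon is not visible in this patch, so that is worth confirming by listing the open descriptors of a spawned child under the SELinux policy. The `"we"` mode in `fopen(PID_FILE, "we")` is a glibc extension and `O_CLOEXEC` depends on the kernel and libc providing it; that is fine for this Fedora build, but an upstream version would want a fallback such as `fcntl(fd, F_SETFD, FD_CLOEXEC)`. The new patch file also has no header text, so a line before the first `diff --git` such as `Set close-on-exec on the pidfile and random-device descriptors so they are not leaked to child processes (#903638)` would record why it is carried. Both function bodies continue outside the inner hunks.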
diff --git a/strongswan.spec b/strongswan.spec
index 339b2d1..d6b28b8 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -9,7 +9,7 @@
Name: strongswan
Version: 5.1.1
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons
License: GPLv2+
@@ -21,6 +21,7 @@ Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch
Patch4: libstrongswan-973315.patch
Patch5: strongswan-1036844.patch
+Patch6: strongswan-5.1.1-selinux.patch
BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel
@@ -83,6 +84,7 @@ implementation possessing a standard IF-IMC/IMV interface.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
@@ -336,6 +338,9 @@ fi
%changelog
+* Wed Feb 19 2014 Pavel Šimerda <psimerda at redhat.com> - 5.1.1-5
+- #903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random
+
* Thu Jan 09 2014 Pavel Šimerda <psimerda at redhat.com> - 5.1.1-4
- Removed redundant patches and *.spec commands caused by branch merging