Make patch SELinux compatible
Stephen Smalley
sds at tycho.nsa.gov
Thu May 20 12:24:40 UTC 2010
On Thu, 2010-05-20 at 08:22 -0400, Vadym Chepkov wrote:
> On May 20, 2010, at 8:12 AM, yersinia wrote:
>
> > On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov at gmail.com> wrote:
> >> Hi,
> >>
> >> Is there a way to make patch in Redhat SELinux compatible?
> >>
> >> # ls -Z php.php
> >> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
> >>
> >> # patch -p1 < /root/php.patch
> >> patching file php.php
> >>
> >> # ls -Z php.php
> >> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php
> > Strange. For me this works as expected, because patch first unlinks php.php and
> > afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
> > context for your php.php was persistent (via semanage fcontext) and
> > not set via chcon?
>
> Yes, I am sure.
> And I never use 'semanage fcontext', I prefer local.fc.
> But in this case it's under /var/www, so it inherits default context.
>
> rpm -qlp patch-2.5.4-29.2.3.el5.src.rpm
> patch-2.5-stderr.patch
> patch-2.5.4-ifdef.patch
> patch-2.5.4-program_name.patch
> patch-2.5.4-sigsegv.patch
> patch-2.5.4-suffix.patch
> patch-2.5.4.tar.gz
> patch-parse.patch
> patch-posix-backup.patch
> patch-stripcr.patch
> patch.spec
>
> no selinux :(
Hmmm...I ran the test case in that bug though and it still fails on
F-12. Even with a -selinux patch in the .src.rpm.
--
Stephen Smalley
National Security Agency
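
An added example, not part of the original message or of patch itself: a small Python check that compares `ls -Z` snapshots taken before and after patching and reports files whose SELinux type changed, as php.php does in the report above. The function names are hypothetical, and the parser assumes the five-column `ls -Z` layout shown in the thread.

```python
from __future__ import annotations
import shlex
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str

def parse_ls_z(output: str) -> dict[str, Context]:
    """Map file name -> context from `ls -Z` output in the layout quoted in
    the thread: mode, owner, group, context, name."""
    labels = {}
    for line in output.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue  # blank or unexpected line
        raw, name = fields[3], fields[4]
        # Split at most 3 times: an MLS/MCS level such as s0:c1,c2 contains ':'.
        parts = raw.split(":", 3)
        if len(parts) < 3:
            continue  # unlabeled file, shown as "?"
        parts += [""] * (4 - len(parts))
        labels[name] = Context(*parts)
    return labels

def label_drift(before: str, after: str) -> list[tuple[str, str, str]]:
    """Return (name, old_type, new_type) for files whose type changed."""
    old, new = parse_ls_z(before), parse_ls_z(after)
    return [(n, old[n].type, new[n].type)
            for n in sorted(old.keys() & new.keys())
            if old[n].type != new[n].type]

def restorecon_commands(drift: list[tuple[str, str, str]]) -> list[str]:
    """Build the relabel command for each drifted file (not executed here)."""
    return [f"restorecon -v {shlex.quote(name)}" for name, _, _ in drift]

# Sample input: the two `ls -Z` lines from the report above.
BEFORE = "-rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php"
AFTER = "-rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php"

if __name__ == "__main__":
    for name, old_type, new_type in label_drift(BEFORE, AFTER):
        print(f"{name}: {old_type} -> {new_type}")
    print("\n".join(restorecon_commands(label_drift(BEFORE, AFTER))))
```

restorecon applies the default from the file context configuration, so a label that was set only with chcon is not recovered this way.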