Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 150363 Details for
Bug 187120
cfengine needs to be SELinux aware
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
selinux support for file copies and editfiles
cfengine-selinux.patch (text/plain), 3.93 KB, created by
Jeff Sheltren
on 2007-03-19 13:57:06 UTC
(
hide
)
Description:
selinux support for file copies and editfiles
Filename:
MIME Type:
Creator:
Jeff Sheltren
Created:
2007-03-19 13:57:06 UTC
Size:
3.93 KB
patch
obsolete
>--- cfengine-2.1.22/Makefile.in.selinux 2007-02-25 07:28:27.000000000 -0800 >+++ cfengine-2.1.22/Makefile.in 2007-02-25 07:29:43.000000000 -0800 >@@ -128,6 +128,7 @@ > LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ > LIBOBJS = @LIBOBJS@ > LIBS = @LIBS@ >+LIB_SELINUX = @LIB_SELINUX@ > LTLIBOBJS = @LTLIBOBJS@ > MAKEINFO = @MAKEINFO@ > NEED_SETGID = @NEED_SETGID@ >--- cfengine-2.1.22/configure.ac.selinux 2007-02-25 06:58:36.000000000 -0800 >+++ cfengine-2.1.22/configure.ac 2007-02-25 07:45:46.000000000 -0800 >@@ -537,6 +537,18 @@ > > > dnl ###################################################################### >+dnl Give the chance to enable SELINUX >+dnl ###################################################################### >+dnl >+AC_ARG_ENABLE(selinux, dnl >+ [ --enable-selinux Enable use of the SELINUX libraries], >+ [AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) >+ LIB_SELINUX="-lselinux" >+ LIBS="$LIBS $LIB_SELINUX" >+ AC_SUBST(LIB_SELINUX)]) >+ >+ >+dnl ###################################################################### > dnl OS specific stuff > dnl ###################################################################### > >--- cfengine-2.1.22/src/cf.defs.h.selinux 2007-02-25 12:03:59.000000000 -0800 >+++ cfengine-2.1.22/src/cf.defs.h 2007-02-25 12:04:24.000000000 -0800 >@@ -267,6 +267,9 @@ > # include <sched.h> > #endif > >+#ifdef WITH_SELINUX >+# include <selinux/selinux.h> >+#endif > > /*******************************************************************/ > /* Various defines */ >--- cfengine-2.1.22/src/item-file.c.selinux 2007-02-25 06:40:04.000000000 -0800 >+++ cfengine-2.1.22/src/item-file.c 2007-02-25 12:11:39.000000000 -0800 >@@ -107,6 +107,17 @@ > char stamp[CF_BUFSIZE]; > time_t STAMPNOW; > STAMPNOW = time((time_t *)NULL); >+#ifdef WITH_SELINUX >+ int selinux_enabled=0; >+ security_context_t scontext=NULL; >+ >+ selinux_enabled = (is_selinux_enabled()>0); >+ if(selinux_enabled) >+ { >+ /* get current security context */ >+ getfilecon(file, &scontext); >+ } >+#endif > > if (stat(file,&statbuf) == -1) > { >@@ -185,6 +196,13 @@ > chmod(file,statbuf.st_mode); /* Restore file permissions etc */ > chown(file,statbuf.st_uid,statbuf.st_gid); > umask(mask); >+#ifdef WITH_SELINUX >+if(selinux_enabled) >+ { >+ /* restore file context */ >+ setfilecon(file,scontext); >+ } >+#endif > return true; > } > >--- cfengine-2.1.22/src/image.c.selinux 2007-03-04 16:31:57.000000000 -0400 >+++ cfengine-2.1.22/src/image.c 2007-03-18 09:31:48.000000000 -0400 >@@ -1122,6 +1122,14 @@ > rsrcfork=0; > #endif > >+#ifdef WITH_SELINUX >+int selinux_enabled=0; >+/* need to keep track of security context of destination file (if any) */ >+security_context_t scontext=NULL; >+struct stat cur_dest; >+int dest_exists; >+selinux_enabled = (is_selinux_enabled()>0); >+#endif > > Debug2("CopyReg(%s,%s)\n",source,dest); > >@@ -1131,6 +1139,24 @@ > return false; > } > >+#ifdef WITH_SELINUX >+if(selinux_enabled) >+ { >+ dest_exists = stat(dest,&cur_dest); >+ if(dest_exists == 0) >+ { >+ /* get current security context of destination file */ >+ getfilecon(dest,&scontext); >+ } >+ else >+ { >+ /* use default security context when creating destination file */ >+ matchpathcon(dest,0,&scontext); >+ setfscreatecon(scontext); >+ } >+ } >+#endif >+ > /* Make an assoc array of inodes used to preserve hard links */ > > linkable = CompressedArrayValue(ip->inode_cache,sstat.st_ino); >@@ -1438,7 +1464,24 @@ > utime(dest,&timebuf); > #endif > } >- >+ >+#ifdef WITH_SELINUX >+if(selinux_enabled) >+ { >+ if(dest_exists == 0) >+ { >+ /* set dest context to whatever it was before copy */ >+ setfilecon(dest,scontext); >+ } >+ else >+ { >+ /* set create context back to default */ >+ setfscreatecon(NULL); >+ } >+ freecon(scontext); >+ } >+#endif >+ > return true; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=150363">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 187120
:
147352
| 150363 |
152279