diff options
Diffstat (limited to 'patches/logrotate-3.7.1/rh-selinux.patch')
-rw-r--r-- | patches/logrotate-3.7.1/rh-selinux.patch | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/patches/logrotate-3.7.1/rh-selinux.patch b/patches/logrotate-3.7.1/rh-selinux.patch new file mode 100644 index 000000000..0e1a3bbdf --- /dev/null +++ b/patches/logrotate-3.7.1/rh-selinux.patch @@ -0,0 +1,173 @@ +Add selinux_getenforce() calls to work when not in enforcing mode +- use security_getenforce() instead of selinux_getenforcemode +From RedHat patches. + +Index: logrotate-3.7.1/logrotate.c +=================================================================== +--- logrotate-3.7.1.orig/logrotate.c 2006-04-08 20:42:37.114533654 +0100 ++++ logrotate-3.7.1/logrotate.c 2006-04-08 20:44:17.311634566 +0100 +@@ -17,6 +17,7 @@ + #include <selinux/selinux.h> + static security_context_t prev_context=NULL; + int selinux_enabled=0; ++int selinux_enforce=0; + #endif + + #include "basenames.h" +@@ -293,38 +294,43 @@ + return 1; + } + #ifdef WITH_SELINUX +- if ((selinux_enabled=(is_selinux_enabled()>0))) +- { +- security_context_t oldContext; +- if (fgetfilecon(fdcurr, &oldContext) >=0) { +- if (getfscreatecon(&prev_context) < 0) { +- message(MESS_ERROR, "error getting default context: %s\n", +- strerror(errno)); +- freecon(oldContext); +- return 1; +- } +- if (setfscreatecon(oldContext) < 0) { +- message(MESS_ERROR, "error setting file context %s to %s: %s\n", +- saveLog, oldContext,strerror(errno)); +- freecon(oldContext); +- return 1; +- } +- freecon(oldContext); +- } else { +- message(MESS_ERROR, "error getting file context %s: %s\n", currLog, +- strerror(errno)); +- return 1; +- } +- } ++ if (selinux_enabled) { ++ security_context_t oldContext; ++ if (fgetfilecon(fdcurr, &oldContext) >=0) { ++ if (getfscreatecon(&prev_context) < 0) { ++ message(MESS_ERROR, "error getting default context: %s\n", ++ strerror(errno)); ++ if (selinux_enforce) { ++ freecon(oldContext); ++ return 1; ++ } ++ } ++ if (setfscreatecon(oldContext) < 0) { ++ message(MESS_ERROR, "error setting file context %s to %s: %s\n", ++ saveLog, oldContext,strerror(errno)); ++ if (selinux_enforce) { ++ freecon(oldContext); ++ return 1; ++ } ++ } ++ freecon(oldContext); ++ } else { ++ message(MESS_ERROR, "error getting file context %s: %s\n", currLog, ++ strerror(errno)); ++ if (selinux_enforce) { ++ return 1; ++ } ++ } ++ } + #endif + fdsave = open(saveLog, O_WRONLY | O_CREAT | O_TRUNC,sb->st_mode); + #ifdef WITH_SELINUX + if (selinux_enabled) { +- setfscreatecon(prev_context); +- if (prev_context!= NULL) { +- freecon(prev_context); +- prev_context=NULL; +- } ++ setfscreatecon(prev_context); ++ if (prev_context!= NULL) { ++ freecon(prev_context); ++ prev_context=NULL; ++ } + } + #endif + if (fdsave < 0) { +@@ -672,28 +678,34 @@ + (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext); + + #ifdef WITH_SELINUX +- if ((selinux_enabled=(is_selinux_enabled()>0))) { +- security_context_t oldContext=NULL; +- if (getfilecon(log->files[logNum], &oldContext)>0) { +- if (getfscreatecon(&prev_context) < 0) { +- message(MESS_ERROR, "error getting default context: %s\n", +- strerror(errno)); +- freecon(oldContext); +- return 1; +- } +- if (setfscreatecon(oldContext) < 0) { +- message(MESS_ERROR, "error setting file context %s to %s: %s\n", +- log->files[logNum], oldContext,strerror(errno)); +- freecon(oldContext); +- return 1; +- } +- freecon(oldContext); +- } else { +- message(MESS_ERROR, "error getting file context %s: %s\n", +- log->files[logNum], +- strerror(errno)); +- return 1; +- } ++ if (selinux_enabled) { ++ security_context_t oldContext=NULL; ++ if (getfilecon(log->files[logNum], &oldContext)>0) { ++ if (getfscreatecon(&prev_context) < 0) { ++ message(MESS_ERROR, "error getting default context: %s\n", ++ strerror(errno)); ++ if (selinux_enforce) { ++ freecon(oldContext); ++ return 1; ++ } ++ } ++ if (setfscreatecon(oldContext) < 0) { ++ message(MESS_ERROR, "error setting file context %s to %s: %s\n", ++ log->files[logNum], oldContext,strerror(errno)); ++ if (selinux_enforce) { ++ freecon(oldContext); ++ return 1; ++ } ++ } ++ freecon(oldContext); ++ } else { ++ message(MESS_ERROR, "error getting file context %s: %s\n", ++ log->files[logNum], ++ strerror(errno)); ++ if (selinux_enforce) { ++ return 1; ++ } ++ } + } + #endif + for (i = rotateCount + logStart - 1; (i >= 0) && !hasErrors; i--) { +@@ -883,11 +895,11 @@ + + #ifdef WITH_SELINUX + if (selinux_enabled) { +- setfscreatecon(prev_context); +- if (prev_context!= NULL) { +- freecon(prev_context); +- prev_context=NULL; +- } ++ setfscreatecon(prev_context); ++ if (prev_context!= NULL) { ++ freecon(prev_context); ++ prev_context=NULL; ++ } + } + #endif + free(dirName); +@@ -1249,6 +1261,10 @@ + exit(1); + } + ++#ifdef WITH_SELINUX ++ selinux_enabled=(is_selinux_enabled()>0); ++ selinux_enforce=security_getenforce(); ++#endif + for (file = files; *file; file++) { + if (readConfigPath(*file, &defConfig, &logs, &numLogs)) { + exit(1); |