Diffstat (limited to 'patches/logrotate-3.7.1/rh-selinux.patch')
-rw-r--r--patches/logrotate-3.7.1/rh-selinux.patch173
1 files changed, 173 insertions, 0 deletions
diff --git a/patches/logrotate-3.7.1/rh-selinux.patch b/patches/logrotate-3.7.1/rh-selinux.patch
new file mode 100644
index 000000000..0e1a3bbdf
--- /dev/null
+++ b/patches/logrotate-3.7.1/rh-selinux.patch
@@ -0,0 +1,173 @@
+Add selinux_getenforce() calls to work when not in enforcing mode
+- use security_getenforce() instead of selinux_getenforcemode
+From RedHat patches.
+
+Index: logrotate-3.7.1/logrotate.c
+===================================================================
+--- logrotate-3.7.1.orig/logrotate.c 2006-04-08 20:42:37.114533654 +0100
++++ logrotate-3.7.1/logrotate.c 2006-04-08 20:44:17.311634566 +0100
+@@ -17,6 +17,7 @@
+ #include <selinux/selinux.h>
+ static security_context_t prev_context=NULL;
+ int selinux_enabled=0;
++int selinux_enforce=0;
+ #endif
+
+ #include "basenames.h"
+@@ -293,38 +294,43 @@
+ return 1;
+ }
+ #ifdef WITH_SELINUX
+- if ((selinux_enabled=(is_selinux_enabled()>0)))
+- {
+- security_context_t oldContext;
+- if (fgetfilecon(fdcurr, &oldContext) >=0) {
+- if (getfscreatecon(&prev_context) < 0) {
+- message(MESS_ERROR, "error getting default context: %s\n",
+- strerror(errno));
+- freecon(oldContext);
+- return 1;
+- }
+- if (setfscreatecon(oldContext) < 0) {
+- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
+- saveLog, oldContext,strerror(errno));
+- freecon(oldContext);
+- return 1;
+- }
+- freecon(oldContext);
+- } else {
+- message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
+- strerror(errno));
+- return 1;
+- }
+- }
++ if (selinux_enabled) {
++ security_context_t oldContext;
++ if (fgetfilecon(fdcurr, &oldContext) >=0) {
++ if (getfscreatecon(&prev_context) < 0) {
++ message(MESS_ERROR, "error getting default context: %s\n",
++ strerror(errno));
++ if (selinux_enforce) {
++ freecon(oldContext);
++ return 1;
++ }
++ }
++ if (setfscreatecon(oldContext) < 0) {
++ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
++ saveLog, oldContext,strerror(errno));
++ if (selinux_enforce) {
++ freecon(oldContext);
++ return 1;
++ }
++ }
++ freecon(oldContext);
++ } else {
++ message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
++ strerror(errno));
++ if (selinux_enforce) {
++ return 1;
++ }
++ }
++ }
+ #endif
+ fdsave = open(saveLog, O_WRONLY | O_CREAT | O_TRUNC,sb->st_mode);
+ #ifdef WITH_SELINUX
+ if (selinux_enabled) {
+- setfscreatecon(prev_context);
+- if (prev_context!= NULL) {
+- freecon(prev_context);
+- prev_context=NULL;
+- }
++ setfscreatecon(prev_context);
++ if (prev_context!= NULL) {
++ freecon(prev_context);
++ prev_context=NULL;
++ }
+ }
+ #endif
+ if (fdsave < 0) {
+@@ -672,28 +678,34 @@
+ (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext);
+
+ #ifdef WITH_SELINUX
+- if ((selinux_enabled=(is_selinux_enabled()>0))) {
+- security_context_t oldContext=NULL;
+- if (getfilecon(log->files[logNum], &oldContext)>0) {
+- if (getfscreatecon(&prev_context) < 0) {
+- message(MESS_ERROR, "error getting default context: %s\n",
+- strerror(errno));
+- freecon(oldContext);
+- return 1;
+- }
+- if (setfscreatecon(oldContext) < 0) {
+- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
+- log->files[logNum], oldContext,strerror(errno));
+- freecon(oldContext);
+- return 1;
+- }
+- freecon(oldContext);
+- } else {
+- message(MESS_ERROR, "error getting file context %s: %s\n",
+- log->files[logNum],
+- strerror(errno));
+- return 1;
+- }
++ if (selinux_enabled) {
++ security_context_t oldContext=NULL;
++ if (getfilecon(log->files[logNum], &oldContext)>0) {
++ if (getfscreatecon(&prev_context) < 0) {
++ message(MESS_ERROR, "error getting default context: %s\n",
++ strerror(errno));
++ if (selinux_enforce) {
++ freecon(oldContext);
++ return 1;
++ }
++ }
++ if (setfscreatecon(oldContext) < 0) {
++ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
++ log->files[logNum], oldContext,strerror(errno));
++ if (selinux_enforce) {
++ freecon(oldContext);
++ return 1;
++ }
++ }
++ freecon(oldContext);
++ } else {
++ message(MESS_ERROR, "error getting file context %s: %s\n",
++ log->files[logNum],
++ strerror(errno));
++ if (selinux_enforce) {
++ return 1;
++ }
++ }
+ }
+ #endif
+ for (i = rotateCount + logStart - 1; (i >= 0) && !hasErrors; i--) {
+@@ -883,11 +895,11 @@
+
+ #ifdef WITH_SELINUX
+ if (selinux_enabled) {
+- setfscreatecon(prev_context);
+- if (prev_context!= NULL) {
+- freecon(prev_context);
+- prev_context=NULL;
+- }
++ setfscreatecon(prev_context);
++ if (prev_context!= NULL) {
++ freecon(prev_context);
++ prev_context=NULL;
++ }
+ }
+ #endif
+ free(dirName);
+@@ -1249,6 +1261,10 @@
+ exit(1);
+ }
+
++#ifdef WITH_SELINUX
++ selinux_enabled=(is_selinux_enabled()>0);
++ selinux_enforce=security_getenforce();
++#endif
+ for (file = files; *file; file++) {
+ if (readConfigPath(*file, &defConfig, &logs, &numLogs)) {
+ exit(1);
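Review bot: In the last inner hunk (startup code, presumably main()), `selinux_enforce=security_getenforce();` stores the raw return value, and that call returns -1 on failure, so the later `if (selinux_enforce)` checks treat an error as enforcing. That fail-closed outcome looks intended but is implicit; a comment such as `/* -1 (error) is non-zero: treated as enforcing, i.e. fail closed */`, or normalising with `selinux_enforce = (security_getenforce() != 0);`, would stop a later `> 0` or `== 1` rewrite from silently making it fail-open. In permissive mode the three failure branches at each of the two relabel sites (the hunks at 293 and 672) now only log and continue, so the rotated file can be created with the default creation context rather than the original log's label. That deserves a comment at both sites, because mislabeled logs tend to surface only once the host is switched to enforcing. The functions around these inner hunks begin and end outside the shown context.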