packages: nss_db/nss_db-selinux.patch - update from fc

glen glen at pld-linux.org
Mon Feb 22 18:23:22 CET 2010 

Author: glen                         Date: Mon Feb 22 17:23:21 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- update from fc

---- Files affected:
packages/nss_db:
   nss_db-selinux.patch (1.1 -> 1.2) 

---- Diffs:

================================================================
Index: packages/nss_db/nss_db-selinux.patch
diff -u packages/nss_db/nss_db-selinux.patch:1.1 packages/nss_db/nss_db-selinux.patch:1.2
--- packages/nss_db/nss_db-selinux.patch:1.1	Wed Oct 10 17:14:11 2007
+++ packages/nss_db/nss_db-selinux.patch	Mon Feb 22 18:23:16 2010
@@ -12,7 +12,7 @@
 +selinux=auto)
 +
 +libsave="$LIBS"
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_CHECK_HEADERS(selinux/selinux.h)
 +  if test x$ac_cv_header_selinux_selinux_h = xno ; then
 +    if test x$selinux = xyes ; then
@@ -24,7 +24,7 @@
 +  fi
 +fi
 +
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_CHECK_FUNC(setfscreatecon,,[AC_CHECK_LIB(selinux,setfscreatecon)])
 +  if test x$ac_cv_func_setfscreatecon = xno ; then
 +    if test x$ac_cv_lib_selinux_setfscreatecon = xno ; then
@@ -37,7 +37,7 @@
 +    fi
 +  fi
 +fi
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_DEFINE(SELINUX,1,[Define to have makedb set SELinux file contexts on created files.])
 +fi
 +
@@ -47,26 +47,27 @@
  AC_CANONICAL_HOST
  slibdir=NONE
  case "$host" in
-@@ -100,5 +137,6 @@
+@@ -100,6 +137,7 @@
  
  AC_SUBST(DB_CFLAGS)
  AC_SUBST(DB_LIBS)
 +AC_SUBST(SELINUX_LIBS)
  AC_SUBST(slibdir)
- AC_OUTPUT(Makefile)
---- nss_db-2.2/src/Makefile.am	2004-10-20 13:47:22.207986040 -0400
-+++ nss_db-2.2/src/Makefile.am	2004-10-20 13:48:46.242210896 -0400
-@@ -28,7 +28,7 @@
+ 
+ dnl Internationalization macros.
+--- nss_db-2.2.3pre1/src/Makefile.am~	2010-02-22 19:20:49.000000000 +0200
++++ nss_db-2.2.3pre1/src/Makefile.am	2010-02-22 19:22:25.691737306 +0200
+@@ -30,7 +30,7 @@
  
  bin_PROGRAMS = makedb
  makedb_SOURCES = makedb.c
 -makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@
-+makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@ @SELINUX_LIBS@
++makedb_LDADD = db-compat.lo @DB_LIBS@ @SELINUX_LIBS@ @INTLLIBS@
  
  # To mimmick the old glibc installation as closely as possible, we
  # shuffle the installed library and the links to it around a bit,
---- nss_db-2.2/src/makedb.c	2004-10-20 13:52:02.814327392 -0400
-+++ nss_db-2.2/src/makedb.c	2004-10-20 14:06:07.605899552 -0400
+--- nss_db-2.2.3/src/makedb.c	2004-10-20 13:52:02.814327392 -0400
++++ nss_db-2.2.3/src/makedb.c	2004-10-20 14:06:07.605899552 -0400
 @@ -32,6 +32,10 @@
  #include <string.h>
  #include <sys/stat.h>
@@ -102,7 +103,7 @@
    if (status)
      error (EXIT_FAILURE, 0, gettext ("cannot open output file `%s': %s"),
  	   output_name, db_strerror (status));
-@@ -388,3 +400,44 @@
+@@ -388,3 +400,55 @@
  
    return EXIT_SUCCESS;
  }
@@ -112,7 +113,7 @@
 +static void
 +set_file_creation_context (const char *outname, mode_t mode)
 +{
-+  static int enabled = -1;
++  static int enabled = -1, enforcing = -1;
 +  security_context_t ctx;
 +  /* Handle the "reset the context" case. */
 +  if (outname == NULL)
@@ -129,19 +130,30 @@
 +    {
 +      return;
 +    }
-+  /* Determine the context which the file should have. */
-+  ctx = NULL;
-+  if (matchpathcon (outname, S_IFREG | mode, &ctx) != 0)
++  /* Check if SELinux is enforcing, and remember. */
++  if (enforcing == -1)
 +    {
-+      error (EXIT_FAILURE, 0,
-+             gettext ("cannot determine file context for `%s'"), outname);
++      enforcing = security_getenforce();
 +    }
-+  if (ctx != NULL)
++  /* Determine the context which the file should have. */
++  ctx = NULL;
++  if ((matchpathcon (outname, S_IFREG | mode, &ctx) == 0) &&
++      (ctx != NULL))
 +    {
 +      if (setfscreatecon (ctx) != 0)
 +        {
-+          error (EXIT_FAILURE, 0,
-+                 gettext ("cannot set file creation context for `%s'"), outname);
++          if (enforcing)
++            {
++              error (EXIT_FAILURE, 0,
++                     gettext ("cannot set file creation context for `%s'"),
++                     outname);
++            }
++          else
++            {
++              error (0, 0,
++                     gettext ("cannot set file creation context for `%s'"),
++                     outname);
++            }
 +        }
 +      freecon (ctx);
 +    }
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/nss_db/nss_db-selinux.patch?r1=1.1&r2=1.2&f=u

More information about the pld-cvs-commit mailing list