SOURCES: logrotate-selinux.patch (NEW) - update selinux from fc8
glen
glen at pld-linux.org
Mon Apr 14 12:37:19 CEST 2008
Author: glen Date: Mon Apr 14 10:37:19 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- update selinux from fc8
---- Files affected:
SOURCES:
logrotate-selinux.patch (1.2 -> 1.3) (NEW)
---- Diffs:
================================================================
Index: SOURCES/logrotate-selinux.patch
diff -u /dev/null SOURCES/logrotate-selinux.patch:1.3
--- /dev/null Mon Apr 14 12:37:19 2008
+++ SOURCES/logrotate-selinux.patch Mon Apr 14 12:37:14 2008
@@ -0,0 +1,128 @@
+diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
+--- logrotate-3.7.6/logrotate.c.selinux 2007-08-07 09:14:35.000000000 +0200
++++ logrotate-3.7.6/logrotate.c 2008-01-21 09:32:56.000000000 +0100
+@@ -409,15 +409,17 @@ static int copyTruncate(char *currLog, c
+ }
+ #ifdef WITH_SELINUX
+ if (selinux_enabled) {
+- security_context_t oldContext;
++ security_context_t oldContext = NULL;
+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
+ if (getfscreatecon_raw(&prev_context) < 0) {
+ message(MESS_ERROR,
+ "getting default context: %s\n",
+ strerror(errno));
+ if (selinux_enforce) {
+- freecon(oldContext);
+- return 1;
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
++ return 1;
+ }
+ }
+ if (setfscreatecon_raw(oldContext) < 0) {
+@@ -425,11 +427,15 @@ static int copyTruncate(char *currLog, c
+ "setting file context %s to %s: %s\n",
+ saveLog, oldContext, strerror(errno));
+ if (selinux_enforce) {
+- freecon(oldContext);
+- return 1;
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
++ return 1;
+ }
+ }
+- freecon(oldContext);
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
+ } else {
+ if (errno != ENOTSUP) {
+ message(MESS_ERROR, "getting file context %s: %s\n",
+@@ -899,6 +905,9 @@ int rotateSingleLog(logInfo * log, int l
+ int hasErrors = 0;
+ struct stat sb;
+ int fd;
++#ifdef WITH_SELINUX
++ security_context_t savedContext = NULL;
++#endif
+
+ if (!state->doRotate)
+ return 0;
+@@ -906,7 +915,57 @@ int rotateSingleLog(logInfo * log, int l
+ if (!hasErrors) {
+
+ if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
+- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
++#ifdef WITH_SELINUX
++ if (selinux_enabled) {
++ security_context_t oldContext = NULL;
++ int fdcurr = -1;
++
++ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
++ message(MESS_ERROR, "error opening %s: %s\n",
++ log->files[logNum],
++ strerror(errno));
++ return 1;
++ }
++ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
++ if (getfscreatecon_raw(&savedContext) < 0) {
++ message(MESS_ERROR,
++ "getting default context: %s\n",
++ strerror(errno));
++ if (selinux_enforce) {
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
++ return 1;
++ }
++ }
++ if (setfscreatecon_raw(oldContext) < 0) {
++ message(MESS_ERROR,
++ "setting file context %s to %s: %s\n",
++ log->files[logNum], oldContext, strerror(errno));
++ if (selinux_enforce) {
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
++ return 1;
++ }
++ }
++ message(MESS_DEBUG, "fscreate context set to %s\n",
++ oldContext);
++ if (oldContext != NULL) {
++ freecon(oldContext);
++ }
++ } else {
++ if (errno != ENOTSUP) {
++ message(MESS_ERROR, "getting file context %s: %s\n",
++ log->files[logNum], strerror(errno));
++ if (selinux_enforce) {
++ return 1;
++ }
++ }
++ }
++ }
++#endif
++ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
+ rotNames->finalName);
+
+ if (!debug && !hasErrors &&
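Review bot: The descriptor opened with `open(log->files[logNum], O_RDWR)` in the added SELinux block is never closed. `fdcurr` is local to that block, and neither the three `return 1` paths after the open nor the fall-through to `#endif` call `close()`, so every rotated log leaks one descriptor. Add `close(fdcurr);` before each of those returns and once after the `if`/`else` on `fgetfilecon_raw()`. The descriptor is only used to read the label, so `O_RDONLY` would be enough and avoids requesting write access to the log; `O_NOFOLLOW` is worth considering if the log directory can be writable by less-privileged users. The body of rotateSingleLog starts and ends outside this hunk.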
+@@ -961,6 +1020,15 @@ int rotateSingleLog(logInfo * log, int l
+ close(fd);
+ }
+ }
++#ifdef WITH_SELINUX
++ if (selinux_enabled) {
++ setfscreatecon_raw(savedContext);
++ if (savedContext != NULL) {
++ freecon(savedContext);
++ savedContext = NULL;
++ }
++ }
++#endif
+
+ if (!hasErrors
+ && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))
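Review bot: The return value of `setfscreatecon_raw(savedContext)` in the added restore block is ignored, unlike the earlier calls, which log the error and fail under `selinux_enforce`. If the restore fails, the process keeps the rotated log's context as its file-creation context, so files created later in the run may be labelled with it (inferred, since the later code is outside the hunk). Check the call, for example `if (setfscreatecon_raw(savedContext) < 0 && selinux_enforce) hasErrors = 1;`, with a `message(MESS_ERROR, ...)` alongside it. Separately, the `return 1` taken after a failed `setfscreatecon_raw(oldContext)` in the previous hunk exits before this block, so `savedContext` is not freed on that path.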
================================================================