folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- establish rpm_script_t before scriptlet exec. 

CVS patchset: 7098
CVS date: 2004/02/16 04:57:25
This commit is contained in:
jbj 2004-02-16 04:57:25 +00:00
parent 78a861c1ea
commit e0dc1382c6
4 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -17,7 +17,7 @@
- fix: set fcontext from pkg when file_contexts doesn't exist (#114040).
- fix: set fcontext for "mkdir -p" directories not in packages.
- fix: setfiles (aka rpmsx.c) dinna handle patterns correctly.
- establish rpm_script_t before scriptlet exec, ignore errors for now.
- establish rpm_script_t before scriptlet exec.
4.2.1 -> 4.2.2:
- unify signal handling in librpmio, use condvar to deliver signal.

23
lib/psm.c
View File

@ -524,19 +524,22 @@ static int switchIdentity(rpmpsm psm, const char * ntype)
rc = setexeccon(ncon);
if (rc != 0)
switch (errno) {
case EINVAL:
/*
* XXX HACK: rpm_script_t permitted only from sysadm_r, EINVAL returned.
* Hack around that issue while "rpm_script_t" in policy is stabilizing.
* Policy for rpm currently permits rpm_script_t establish only from
* sysadm_r or system_r. If enforcing, this is hard error, otherwise
* warn the user and continue.
*/
if (rc != 0) {
if (security_getenforce() == 1) { /* enforcing */
rpmMessage(RPMMESS_ERROR,
_("setexeccon(%s) fails from context \"%s\": %s\n"),
(char *) ncon, (char *) ocon, strerror(errno));
} else { /* permissive */
rpmMessage(RPMMESS_WARNING,
_("setexeccon(%s) fails from context \"%s\": %s\nContinuing ...\n"),
(char *) ncon, (char *) ocon, strerror(errno));
rc = 0;
break;
default:
rpmMessage(RPMMESS_DEBUG,
"%s: setexeccon() rc %d: %s\n", rc, strerror(errno));
break;
}
}
exit:

4
rpm.spec.in
View File

@ -20,7 +20,7 @@ Name: rpm
%define version @VERSION@
Version: %{version}
%{expand: %%define rpm_version %{version}}
Release: 0.8
Release: 0.11
Group: System Environment/Base
Source: ftp://ftp.rpm.org/pub/rpm/dist/rpm-4.0.x/rpm-%{rpm_version}.tar.gz
License: GPL
@ -486,7 +486,7 @@ exit 0
- fix: set fcontext from pkg when file_contexts doesn't exist (#114040).
- fix: set fcontext for "mkdir -p" directories not in packages.
- fix: setfiles (aka rpmsx.c) dinna handle patterns correctly.
- establish rpm_script_t before scriptlet exec, ignore errors for now.
- establish rpm_script_t before scriptlet exec.
* Wed Feb 11 2004 Jeff Johnson <jbj@redhat.com> 4.3-0.10
- re-add --enable-posixmutexes to build.

16
system.h
View File

@ -301,7 +301,12 @@ typedef char * security_context_t;
#define lsetfilecon(_fn, _c) (-1)
#define fsetfilecon(_fd, _c) (-1)
#define getcon(_c) (-1)
#define getexeccon(_c) (-1)
#define setexeccon(_c) (-1)
#define security_check_context(_c) (0)
#define security_getenforce() (0)
#define is_selinux_enabled() (-1)
#endif
@ -328,9 +333,20 @@ extern int fsetfilecon(int fd, security_context_t con)
/*@globals fileSystem @*/
/*@modifies fileSystem @*/;
extern int getcon(/*@out@*/ security_context_t *con)
/*@modifies *con @*/;
extern int getexeccon(/*@out@*/ security_context_t *con)
/*@modifies *con @*/;
extern int setexeccon(security_context_t con)
/*@globals fileSystem @*/
/*@modifies fileSystem @*/;
extern int security_check_context(security_context_t con)
/*@globals fileSystem @*/
/*@modifies fileSystem @*/;
extern int security_getenforce(void)
/*@globals fileSystem @*/
/*@modifies fileSystem @*/;
extern int is_selinux_enabled(void)
/*@globals fileSystem @*/