diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-05-30 09:18:15 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-05-30 09:18:15 -0400 |
| commit | 559c78a30a78cb45a5e2e261eded99cbac8c94b7 (patch) | |
| tree | f1c37b0c6b3c2faccef93537eb44338d08a24055 | |
| parent | 11a4bca1fa71914631f0ea435368d10c7b8cfeb9 (diff) | |
| download | krb5-559c78a30a78cb45a5e2e261eded99cbac8c94b7.tar.gz krb5-559c78a30a78cb45a5e2e261eded99cbac8c94b7.tar.xz krb5-559c78a30a78cb45a5e2e261eded99cbac8c94b7.zip | |
Label DIR: ccache directories when we create them
- don't forget to set the SELinux label when creating the directory for
a DIR: ccache
| -rw-r--r-- | krb5-1.11-selinux-label.patch | 26 | ||||
| -rw-r--r-- | krb5.spec | 6 |
2 files changed, 31 insertions, 1 deletions
diff --git a/krb5-1.11-selinux-label.patch b/krb5-1.11-selinux-label.patch index 0486b82..f832728 100644 --- a/krb5-1.11-selinux-label.patch +++ b/krb5-1.11-selinux-label.patch @@ -897,6 +897,32 @@ which we used earlier, is some improvement. if (fd < 0) goto cleanup; #ifdef HAVE_CHMOD +@@ -223,10 +232,23 @@ + verify_dir(krb5_context context, const char *dirname) + { + struct stat st; ++ int status; ++#ifdef USE_SELINUX ++ void *selabel; ++#endif + + if (stat(dirname, &st) < 0) { +- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0) +- return 0; ++ if (errno == ENOENT) { ++#ifdef USE_SELINUX ++ selabel = krb5int_push_fscreatecon_for(dirname); ++#endif ++ status = mkdir(dirname, S_IRWXU); ++#ifdef USE_SELINUX ++ krb5int_pop_fscreatecon(selabel); ++#endif ++ if (status == 0) ++ return 0; ++ } + krb5_set_error_message(context, KRB5_FCC_NOFILE, + _("Credential cache directory %s does not " + "exist"), dirname); --- krb5/src/lib/krb5/os/trace.c +++ krb5/src/lib/krb5/os/trace.c @@ -401,7 +401,7 @@ krb5_set_trace_filename(krb5_context con @@ -30,7 +30,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.11.2 -Release: 8%{?dist} +Release: 9%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -837,6 +837,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-9 +- don't forget to set the SELinux label when creating the directory for + a DIR: ccache + * Thu May 30 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.2-8 - pull in patches from master to not test GSSRPC-over-UDP and to not depend on the portmapper, which are areas where our build systems |