diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2011-11-15 11:15:37 -0500 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2011-11-15 11:15:37 -0500 |
commit | 57dcd4d36a4ddfb794b728fe8a23d11428897a71 (patch) | |
tree | 20b3fa7c3c6e2485dd11f99d31454dee78b24938 | |
parent | bd62255a2eefd3da773192ec36bbb0c966830bfa (diff) | |
download | krb5-57dcd4d36a4ddfb794b728fe8a23d11428897a71.tar.gz krb5-57dcd4d36a4ddfb794b728fe8a23d11428897a71.tar.xz krb5-57dcd4d36a4ddfb794b728fe8a23d11428897a71.zip |
- selinux: reset the creation context properly after expunging replay caches if they were previously set to the default value (#754001)krb5-1.9.1-19.fc16
-rw-r--r-- | krb5-1.9-selinux-label.patch | 22 | ||||
-rw-r--r-- | krb5.spec | 6 |
2 files changed, 22 insertions, 6 deletions
diff --git a/krb5-1.9-selinux-label.patch b/krb5-1.9-selinux-label.patch index 03e58c4..950254b 100644 --- a/krb5-1.9-selinux-label.patch +++ b/krb5-1.9-selinux-label.patch @@ -501,7 +501,7 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c --- krb5-1.8/src/util/support/selinux.c.selinux-label 2010-03-05 10:57:23.000000000 -0500 +++ krb5-1.8/src/util/support/selinux.c 2010-03-05 10:57:23.000000000 -0500 -@@ -0,0 +1,362 @@ +@@ -0,0 +1,374 @@ +/* + * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved. + * @@ -725,16 +725,28 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup +krb5int_push_fscreatecon_for(const char *pathname) +{ + struct stat st; -+ if (stat(pathname, &st) != 0) { -+ st.st_mode = S_IRUSR | S_IWUSR; ++ void *retval; ++ k5_once(&labeled_once, label_mutex_init); ++ if (k5_mutex_lock(&labeled_mutex) == 0) { ++ if (stat(pathname, &st) != 0) { ++ st.st_mode = S_IRUSR | S_IWUSR; ++ } ++ retval = push_fscreatecon(pathname, st.st_mode); ++ return retval ? retval : (void *) -1; ++ } else { ++ return NULL; + } -+ return push_fscreatecon(pathname, st.st_mode); +} + +void +krb5int_pop_fscreatecon(void *con) +{ -+ pop_fscreatecon(con); ++ if (con != NULL) { ++ if (con != (void *) -1) { ++ pop_fscreatecon(con); ++ } ++ k5_mutex_unlock(&labeled_mutex); ++ } +} + +FILE * @@ -6,7 +6,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.9.1 -Release: 18%{?dist} +Release: 19%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar Source0: krb5-%{version}.tar.gz @@ -703,6 +703,10 @@ exit 0 %{_sbindir}/uuserver %changelog +* Wed Nov 15 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-19 +- selinux: reset the creation context properly after expunging replay caches + if they were previously set to the default value (#754001) + * Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-18 - Rebuilt for glibc bug#747377 |