From 90d4af20f515c6a212758312cbe2ed67a275e32d Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Tue, 15 Mar 2011 17:40:23 +0100 Subject: [PATCH] Update the pam module selinux patch --- gnome-keyring-2.91.93-pam-selinux.patch | 48 ++++++++++++++----------- gnome-keyring.spec | 7 ++-- 2 files changed, 33 insertions(+), 22 deletions(-) diff --git a/gnome-keyring-2.91.93-pam-selinux.patch b/gnome-keyring-2.91.93-pam-selinux.patch index ef1676c..ae05fa5 100644 --- a/gnome-keyring-2.91.93-pam-selinux.patch +++ b/gnome-keyring-2.91.93-pam-selinux.patch @@ -1,37 +1,33 @@ diff --git a/configure.in b/configure.in -index a5a434d..8294028 100644 +index a5a434d..1d3801e 100644 --- a/configure.in +++ b/configure.in -@@ -572,6 +572,28 @@ AC_SUBST(GCOV) +@@ -572,6 +572,24 @@ AC_SUBST(GCOV) AC_SUBST(GENHTML) # ---------------------------------------------------------------------- +# selinux ++ ++LIBSELINUX="" ++selinux_status="no" +AC_ARG_ENABLE([selinux], -+ AC_HELP_STRING([--disable-selinux],[do not use SELinux]), -+ WITH_SELINUX=$enableval, WITH_SELINUX=yes) -+if test "$WITH_SELINUX" == "yes" ; then -+ AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="") -+ selinux_status="yes" -+else -+ LIBSELINUX="" -+ selinux_status="no" ++ AC_HELP_STRING([--disable-selinux],[do not use SELinux])) ++if test "x$enable_selinux" != "xno"; then ++ AC_CHECK_LIB([selinux],[getfilecon], ++ [AC_CHECK_LIB([selinux],[setexeccon], ++ [AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in]) ++ LIBSELINUX="-lselinux" ++ selinux_status="yes"]) ++ ]) +fi +AC_SUBST(LIBSELINUX) +AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"]) -+if test ! -z "$LIBSELINUX" ; then -+ AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in]) -+ BACKUP_LIBS=$LIBS -+ LIBS="$LIBS $LIBSELINUX" -+ AC_CHECK_FUNCS(setexeccon) -+ LIBS=$BACKUP_LIBS -+fi + +# ---------------------------------------------------------------------- # Valgrind AC_ARG_ENABLE(valgrind, -@@ -742,6 +764,7 @@ echo +@@ -742,6 +760,7 @@ echo echo "OPTIONAL DEPENDENCIES" echo " PAM: $pam_status" echo " Linux capabilities: $libcapng_status" @@ -39,8 +35,20 @@ index a5a434d..8294028 100644 echo echo "CONFIGURATION" echo " SSH Agent: $ssh_status" +diff --git a/pam/Makefile.am b/pam/Makefile.am +index 81bda13..2e6362d 100644 +--- a/pam/Makefile.am ++++ b/pam/Makefile.am +@@ -16,6 +16,7 @@ pam_gnome_keyring_la_LIBADD = \ + $(top_builddir)/egg/libegg-buffer.la \ + $(top_builddir)/egg/libegg-creds.la \ + $(top_builddir)/egg/libegg-secure.la \ ++ $(LIBSELINUX) \ + -lpam + + pam_gnome_keyring_la_LDFLAGS = \ diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c -index e63c917..2e2e765 100644 +index e63c917..8ad814c 100644 --- a/pam/gkr-pam-module.c +++ b/pam/gkr-pam-module.c @@ -317,6 +317,36 @@ cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status) @@ -63,7 +71,7 @@ index e63c917..2e2e765 100644 + + ret = getfilecon(command, &fcon); + if (ret < 0) goto err; -+ ++ + ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon); + if (ret < 0) goto err; + diff --git a/gnome-keyring.spec b/gnome-keyring.spec index 5aed3f3..db805e5 100644 --- a/gnome-keyring.spec +++ b/gnome-keyring.spec @@ -8,7 +8,7 @@ Summary: Framework for managing passwords and other secrets Name: gnome-keyring Version: 2.91.92 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Libraries #VCS: git:git://git.gnome.org/gnome-keyring @@ -36,6 +36,7 @@ BuildRequires: libtasn1-tools BuildRequires: libgnome-keyring-devel >= %{libgnome-keyring_version} BuildRequires: gtk-doc BuildRequires: libcap-ng-devel +BuildRequires: libselinux-devel # for smooth transition since the core was split Requires: libgnome-keyring >= %{libgnome-keyring_version} @@ -80,7 +81,6 @@ autoreconf -i -f %configure --disable-gtk-doc \ --with-pam-dir=/%{_lib}/security \ - --disable-acl-prompts \ --enable-pam \ --with-gtk=3.0 @@ -148,6 +148,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas %changelog +* Tue Mar 15 2011 Tomas Bzatek - 2.91.92-3 +- Update the pam module selinux patch + * Tue Mar 15 2011 Tomas Bzatek - 2.91.92-2 - Set correct SELinux context of daemon started from the pam module (#684225)