libselinux-2.8-6

- selinux_restorecon: Skip customized files also without -v
- Do not dereference symlink with statfs in selinux_restorecon
Petr Lautrbach 2019-01-21 17:29:28 +01:00
parent 9588e46203
commit afbe0c7d6d
2 changed files with 26 additions and 3 deletions


@ -373,7 +373,7 @@ index 292728f..b06cb63 100644
for (i = 0; i < NEL; i++)
diff --git libselinux-2.8/src/selinux_restorecon.c libselinux-2.8/src/selinux_restorecon.c
index ced4115..8714a70 100644
index ced4115..1e9a978 100644
--- libselinux-2.8/src/selinux_restorecon.c
+++ libselinux-2.8/src/selinux_restorecon.c
@@ -350,12 +350,19 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
@ -398,6 +398,16 @@ index ced4115..8714a70 100644
new_entry->result = digest_result;
@@ -671,8 +678,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
selinux_log(SELINUX_INFO,
"%s not reset as customized by admin to %s\n",
pathname, curcon);
- goto out;
}
+ goto out;
}
if (!flags->set_specctx && curcon) {
@@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig,
if (lstat(pathname, &sb) < 0) {
@ -406,6 +416,15 @@ index ced4115..8714a70 100644
free(pathdnamer);
free(pathname);
return 0;
@@ -880,7 +888,7 @@ int selinux_restorecon(const char *pathname_orig,
setrestoreconlast = false;
/* Ignore restoreconlast on in-memory filesystems */
- if (statfs(pathname, &sfsb) == 0) {
+ if (setrestoreconlast && statfs(pathname, &sfsb) == 0) {
if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC)
setrestoreconlast = false;
}
diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c
index d05969c..3f0200e 100644
--- libselinux-2.8/src/setfilecon.c
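Review bot: The new guard in the last selinux_restorecon hunk, `if (setrestoreconlast && statfs(pathname, &sfsb) == 0)`, avoids following a symlink only if `setrestoreconlast` was already cleared for symlinks, and the condition that clears it is not visible here; the hunk shows only the `setrestoreconlast = false;` assignment after the `lstat()` block. statfs() itself still resolves symlinks, so a path replaced between the `lstat()` and the `statfs()` call would still be dereferenced, although the effect appears limited to whether restoreconlast handling is skipped. The invariant deserves a comment above the call, for example `/* statfs() follows symlinks: only reached when the lstat() check above left setrestoreconlast set */`. Where the path may be writable by another user, calling `fstatfs()` on a descriptor opened with `O_NOFOLLOW` would remove the window between the two calls. selinux_restorecon's body continues outside the hunk.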


@ -4,7 +4,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.8
Release: 5%{?dist}
Release: 6%{?dist}
License: Public Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz
@ -14,7 +14,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux
# HEAD https://github.com/fedora-selinux/selinux/commit/decd49caec76a87817686f84716503151cf2be5d
# HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247
Patch1: libselinux-fedora.patch
BuildRequires: gcc
BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -229,6 +229,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{ruby_vendorarchdir}/selinux.so
%changelog
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
- selinux_restorecon: Skip customized files also without -v
- Do not dereference symlink with statfs in selinux_restorecon
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
- Fix RESOURCE_LEAK coverity scan defects