- rpmexeccon should not fail in permissive mode.

2005-01-24 20:46:24 +00:00 · 2005-01-24 20:46:24 +00:00 · e0a30a3da4
parent ca41c6e4bb
commit e0a30a3da4
2 changed files with 19 additions and 2 deletions
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@ -10,3 +10,18 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.
 }
 
 static void set_window_rows(void)
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.21.1/src/rpm.c
+--- nsalibselinux/src/rpm.c	2004-11-09 09:13:54.000000000 -0500
+++ libselinux-1.21.1/src/rpm.c	2005-01-24 15:24:33.000000000 -0500
+@@ -41,8 +41,10 @@
+ 	rc = setexeccon(newcon);
+ 	if (rc < 0) 
+ 		goto out;
+-	rc = execve(filename, argv, envp);
+ out:
+	if ( ( rc == 0 ) || 
+	     (security_getenforce() == 0 ))
+	  rc = execve(filename, argv, envp);
+ 	context_free(con);
+ 	freecon(newcon);
+ 	freecon(fcon);
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,7 +1,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 1.21.1
-Release: 2
+Release: 3
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -86,9 +86,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man8/*

 %changelog
+* Mon Jan 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
+- rpmexeccon should not fail in permissive mode.
+
 * Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-2
 - fix printf in avcstat
-
 * Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
 - Update from NSA