Change how sed handles SELinux context when working with symlinks inplace
Resolves: #1401442
This commit is contained in:
Jakub Martisko
parent
c9e5162ae9
commit
c8c5dea6f7
|
|
@ -0,0 +1,29 @@
|
|||
diff --git a/NEWS b/NEWS
|
||||
index e9335f0..e762b2d 100644
|
||||
--- a/NEWS
|
||||
+++ b/NEWS
|
||||
@@ -1,4 +1,9 @@ GNU sed NEWS -*- outline -*-
|
||||
GNU sed NEWS -*- outline -*-
|
||||
+
|
||||
+ sed -i now creates selinux context based on the context of the symlink
|
||||
+ instead of the symlink target. [Bug present since at least sed-4.2]
|
||||
+ sed -i --follow-symlinks remains unchanged.
|
||||
+
|
||||
|
||||
* Noteworthy changes in release 4.4 (2017-02-03) [stable]
|
||||
|
||||
diff --git a/sed/execute.c b/sed/execute.c
|
||||
index 1843392..453886e 100644
|
||||
--- a/sed/execute.c
|
||||
+++ b/sed/execute.c
|
||||
@@ -607,7 +607,7 @@ open_next_file(const char *name, struct input *input)
|
||||
if (is_selinux_enabled () > 0)
|
||||
{
|
||||
security_context_t con;
|
||||
- if (getfilecon (input->in_file_name, &con) != -1)
|
||||
+ if (lgetfilecon (input->in_file_name, &con) != -1)
|
||||
{
|
||||
/* Save and restore the old context for the sake of w and W
|
||||
commands. */
|
||||
2.9.5
|
||||
|
||||
12
sed.spec
12
sed.spec
|
|
@ -3,15 +3,16 @@
|
|||
Summary: A GNU stream text editor
|
||||
Name: sed
|
||||
Version: 4.4
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv3+
|
||||
Group: Applications/Text
|
||||
URL: http://sed.sourceforge.net/
|
||||
Source0: ftp://ftp.gnu.org/pub/gnu/sed/sed-%{version}.tar.xz
|
||||
Source1: http://sed.sourceforge.net/sedfaq.txt
|
||||
Patch0: sed-4.2.2-binary_copy_args.patch
|
||||
Patch1: sed-selinux.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: glibc-devel, libselinux-devel, libacl-devel
|
||||
BuildRequires: glibc-devel, libselinux-devel, libacl-devel, automake, autoconf
|
||||
BuildRequires: perl-Getopt-Long
|
||||
Requires(post): /sbin/install-info
|
||||
Requires(preun): /sbin/install-info
|
||||
|
|
@ -31,6 +32,7 @@ specified in a script file or from the command line.
|
|||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .copy
|
||||
%patch1 -p1 -b .selinux
|
||||
|
||||
%build
|
||||
%configure --without-included-regex
|
||||
|
|
@ -73,6 +75,12 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_mandir}/man*/*
|
||||
|
||||
%changelog
|
||||
* Thu Jan 11 2018 Jakub Martisko <jamartis@redhat.com> - 4.4-4
|
||||
- When editing file inplace, the SELinux context should
|
||||
be based on the link instead of the target file itself.
|
||||
--follow-symlinks option remains unchanged
|
||||
- Resolves: #1401442
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue