Change how sed handles SELinux context when working with symlinks inplace
Resolves: #1401442
parent
c9e5162ae9
commit
c8c5dea6f7
|
@ -0,0 +1,29 @@
|
||||||
|
diff --git a/NEWS b/NEWS
|
||||||
|
index e9335f0..e762b2d 100644
|
||||||
|
--- a/NEWS
|
||||||
|
+++ b/NEWS
|
||||||
|
@@ -1,4 +1,9 @@ GNU sed NEWS -*- outline -*-
|
||||||
|
GNU sed NEWS -*- outline -*-
|
||||||
|
+
|
||||||
|
+ sed -i now creates selinux context based on the context of the symlink
|
||||||
|
+ instead of the symlink target. [Bug present since at least sed-4.2]
|
||||||
|
+ sed -i --follow-symlinks remains unchanged.
|
||||||
|
+
|
||||||
|
|
||||||
|
* Noteworthy changes in release 4.4 (2017-02-03) [stable]
|
||||||
|
|
||||||
|
diff --git a/sed/execute.c b/sed/execute.c
|
||||||
|
index 1843392..453886e 100644
|
||||||
|
--- a/sed/execute.c
|
||||||
|
+++ b/sed/execute.c
|
||||||
|
@@ -607,7 +607,7 @@ open_next_file(const char *name, struct input *input)
|
||||||
|
if (is_selinux_enabled () > 0)
|
||||||
|
{
|
||||||
|
security_context_t con;
|
||||||
|
- if (getfilecon (input->in_file_name, &con) != -1)
|
||||||
|
+ if (lgetfilecon (input->in_file_name, &con) != -1)
|
||||||
|
{
|
||||||
|
/* Save and restore the old context for the sake of w and W
|
||||||
|
commands. */
|
||||||
|
2.9.5
|
||||||
|
|
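Review bot: The switch to `lgetfilecon` in open_next_file has no comment saying why the link itself is queried, and the `--follow-symlinks` case that NEWS says is unchanged is not visible in this hunk; it presumably depends on `input->in_file_name` already holding the resolved target path in that mode, which should be confirmed and stated. I would put above the call: `/* Do not dereference: -i replaces the link itself, so label the new file from the link. With --follow-symlinks in_file_name is expected to be the resolved path. */`. The patch touches only NEWS and sed/execute.c, so no test pins the label of a file edited in place through a symlink, with and without `--follow-symlinks`; a case that skips when SELinux is disabled would guard against a regression to a mislabeled output file. The enclosing function starts and ends outside the hunk, so what happens when `lgetfilecon` returns -1 cannot be checked from here.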
12
sed.spec
12
sed.spec
|
@ -3,15 +3,16 @@
|
||||||
Summary: A GNU stream text editor
|
Summary: A GNU stream text editor
|
||||||
Name: sed
|
Name: sed
|
||||||
Version: 4.4
|
Version: 4.4
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
Group: Applications/Text
|
Group: Applications/Text
|
||||||
URL: http://sed.sourceforge.net/
|
URL: http://sed.sourceforge.net/
|
||||||
Source0: ftp://ftp.gnu.org/pub/gnu/sed/sed-%{version}.tar.xz
|
Source0: ftp://ftp.gnu.org/pub/gnu/sed/sed-%{version}.tar.xz
|
||||||
Source1: http://sed.sourceforge.net/sedfaq.txt
|
Source1: http://sed.sourceforge.net/sedfaq.txt
|
||||||
Patch0: sed-4.2.2-binary_copy_args.patch
|
Patch0: sed-4.2.2-binary_copy_args.patch
|
||||||
|
Patch1: sed-selinux.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: glibc-devel, libselinux-devel, libacl-devel
|
BuildRequires: glibc-devel, libselinux-devel, libacl-devel, automake, autoconf
|
||||||
BuildRequires: perl-Getopt-Long
|
BuildRequires: perl-Getopt-Long
|
||||||
Requires(post): /sbin/install-info
|
Requires(post): /sbin/install-info
|
||||||
Requires(preun): /sbin/install-info
|
Requires(preun): /sbin/install-info
|
||||||
|
@ -31,6 +32,7 @@ specified in a script file or from the command line.
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .copy
|
%patch0 -p1 -b .copy
|
||||||
|
%patch1 -p1 -b .selinux
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --without-included-regex
|
%configure --without-included-regex
|
||||||
|
@ -73,6 +75,12 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||||
%{_mandir}/man*/*
|
%{_mandir}/man*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 11 2018 Jakub Martisko <jamartis@redhat.com> - 4.4-4
|
||||||
|
- When editing file inplace, the SELinux context should
|
||||||
|
be based on the link instead of the target file itself.
|
||||||
|
--follow-symlinks option remains unchanged
|
||||||
|
- Resolves: #1401442
|
||||||
|
|
||||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-3
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
|