From 2353cbd5a10d501bffbe596b6400506424892ef7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Dec 02 2008 13:41:50 +0000 Subject: * Tue Dec 2 2008 Dan Walsh 2.0.57-12 - Fix error checking in restorecond, for inotify_add_watch --- diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 07344b6..bdc82a3 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,4 +1,4 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.57/Makefile --- nsapolicycoreutils/Makefile 2008-09-22 13:25:07.000000000 -0400 +++ policycoreutils-2.0.57/Makefile 2008-12-01 15:20:08.000000000 -0500 @@ -1,4 +1,4 @@ @@ -7,7 +7,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.57/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2008-09-22 13:25:08.000000000 -0400 +++ policycoreutils-2.0.57/audit2allow/audit2allow 2008-12-01 15:22:30.000000000 -0500 @@ -42,10 +42,10 @@ @@ -57,7 +57,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po g = policygen.PolicyGenerator() -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1 +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.57/audit2allow/audit2allow.1 --- nsapolicycoreutils/audit2allow/audit2allow.1 2008-09-22 13:25:08.000000000 -0400 +++ policycoreutils-2.0.57/audit2allow/audit2allow.1 2008-12-01 15:22:34.000000000 -0500 @@ -44,9 +44,6 @@ @@ -79,7 +79,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po .TP .B "\-v" | "\-\-verbose" -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.57/newrole/newrole.c --- nsapolicycoreutils/newrole/newrole.c 2008-09-22 13:25:08.000000000 -0400 +++ policycoreutils-2.0.57/newrole/newrole.c 2008-12-01 15:20:08.000000000 -0500 @@ -553,7 +553,7 @@ @@ -100,7 +100,56 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po return -1; } rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET); -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.57/restorecond/restorecond.c +--- nsapolicycoreutils/restorecond/restorecond.c 2008-09-22 13:25:08.000000000 -0400 ++++ policycoreutils-2.0.57/restorecond/restorecond.c 2008-12-02 08:37:59.000000000 -0500 +@@ -283,6 +283,8 @@ + inotify_rm_watch(fd, master_wd); + master_wd = + inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY); ++ if (master_wd == -1) ++ exitApp("Error watching config file."); + } + + /* +@@ -411,7 +413,14 @@ + + if (!ptr) + exitApp("Out of Memory"); ++ + ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO); ++ if (ptr->wd == -1) { ++ free(ptr); ++ syslog(LOG_ERR, "Unable to watch (%s) %s\n", ++ path, strerror(errno)); ++ return; ++ } + + ptr->dir = strdup(dir); + if (!ptr->dir) +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.57/restorecond/utmpwatcher.c +--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-09-22 13:25:08.000000000 -0400 ++++ policycoreutils-2.0.57/restorecond/utmpwatcher.c 2008-12-02 08:38:00.000000000 -0500 +@@ -57,7 +57,7 @@ + utmp_ptr = NULL; + FILE *cfg = fopen(utmp_path, "r"); + if (!cfg) +- exitApp("Error reading config file."); ++ exitApp("Error reading utmp file."); + + while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) { + if (u.ut_type == USER_PROCESS) +@@ -69,6 +69,9 @@ + + utmp_wd = + inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY); ++ if (utmp_wd == -1) ++ exitApp("Error watching utmp file."); ++ + if (prev_utmp_ptr) { + changed = strings_list_diff(prev_utmp_ptr, utmp_ptr); + strings_list_free(prev_utmp_ptr); +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.57/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2008-09-22 13:25:08.000000000 -0400 +++ policycoreutils-2.0.57/scripts/chcat 2008-12-01 15:23:46.000000000 -0500 @@ -291,6 +291,8 @@ @@ -112,7 +161,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po return newcats def translate(cats): -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.57/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2008-09-22 13:25:08.000000000 -0400 +++ policycoreutils-2.0.57/semanage/seobject.py 2008-12-01 15:20:08.000000000 -0500 @@ -35,7 +35,7 @@ diff --git a/policycoreutils.spec b/policycoreutils.spec index 1490994..b020af6 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.57 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Tue Dec 2 2008 Dan Walsh 2.0.57-12 +- Fix error checking in restorecond, for inotify_add_watch + * Mon Dec 1 2008 Dan Walsh 2.0.57-12 - Fix audit2allow getopt calls - Fix audit2allow error message