Change file layout of the makefiles.
1 diff -up patch-2.6.1/Makefile.in.selinux patch-2.6.1/Makefile.in
2 --- patch-2.6.1/Makefile.in.selinux 2011-02-08 11:29:34.590271489 +0000
3 +++ patch-2.6.1/Makefile.in 2011-02-08 11:29:34.602271607 +0000
4 @@ -40,7 +40,7 @@ EXEEXT = @EXEEXT@
5 LDFLAGS = @LDFLAGS@
6 LIBOBJDIR = gl/lib/
7 LIBOBJS = @LIBOBJS@ ${LIBOBJDIR}full-write$U.o
8 -LIBS = @LIBS@
9 +LIBS = @LIBS@ -lselinux
10 OBJEXT = @OBJEXT@
11 PACKAGE_NAME = @PACKAGE_NAME@
12 PACKAGE_VERSION = @PACKAGE_VERSION@
13 diff -up patch-2.6.1/src/common.h.selinux patch-2.6.1/src/common.h
14 --- patch-2.6.1/src/common.h.selinux 2009-12-30 12:56:30.000000000 +0000
15 +++ patch-2.6.1/src/common.h 2011-02-08 11:29:34.602271607 +0000
16 @@ -32,6 +32,8 @@
17 #include <sys/types.h>
18 #include <time.h>
19
20 +#include <selinux/selinux.h>
21 +
22 #include <sys/stat.h>
23 #if ! defined S_ISDIR && defined S_IFDIR
24 # define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
25 @@ -118,6 +120,7 @@ XTERN char *outfile;
26 XTERN int inerrno;
27 XTERN int invc;
28 XTERN struct stat instat;
29 +XTERN security_context_t incontext;
30 XTERN bool dry_run;
31 XTERN bool posixly_correct;
32
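Review bot: The new global `incontext` has no stated owner, yet it holds a string that getfilecon() allocates and that must be released with freecon(). None of the hunks on this page call freecon(): get_input_file in inp.c, there_is_another_patch and intuit_diff_type in pch.c, and version_get in util.c all overwrite the pointer or reset it to NULL, so each patched file appears to leak its label. I would add a comment on the declaration such as `/* SELinux label of the input file, or NULL; allocated by getfilecon, release with freecon before reassigning. */` and free the previous value at each of those assignments.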
33 diff -up patch-2.6.1/src/inp.c.selinux patch-2.6.1/src/inp.c
34 --- patch-2.6.1/src/inp.c.selinux 2011-02-08 11:29:34.576271352 +0000
35 +++ patch-2.6.1/src/inp.c 2011-02-08 11:29:34.604271627 +0000
36 @@ -152,8 +152,18 @@ get_input_file (char const *filename, ch
37 char *diffbuf;
38 char *getbuf;
39
40 - if (inerrno == -1)
41 - inerrno = stat (filename, &instat) == 0 ? 0 : errno;
42 + inerrno = stat (filename, &instat) == 0 ? 0 : errno;
43 + if (inerrno == 0)
44 + {
45 + inerrno = getfilecon (inname, &incontext) == -1 ? errno : 0;
46 + if (inerrno == ENODATA || inerrno == ENOTSUP)
47 + {
48 + inerrno = 0;
49 + incontext = NULL;
50 + }
51 + }
52 + else
53 + incontext = NULL;
54
55 /* Perhaps look for RCS or SCCS versions. */
56 if (patch_get
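Review bot: A getfilecon() failure other than ENODATA or ENOTSUP is stored in `inerrno` here, so an unreadable label (EACCES, for instance) becomes indistinguishable from a failed stat(). The later hunk in this function that sets `instat.st_size = 0` appears to run when `inerrno` is set, which would make patch treat an existing file as absent; there_is_another_patch in pch.c repeats the same pattern. Keeping the label error out of `inerrno` (set `incontext = NULL` and report it separately) looks safer. The call also reads the label of the global `inname` while stat() uses the `filename` argument; `getfilecon (filename, &incontext)` would keep the two in step. get_input_file starts and ends outside the hunk.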
57 @@ -197,7 +207,7 @@ get_input_file (char const *filename, ch
58 }
59
60 if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
61 - &instat))
62 + &instat, &incontext))
63 inerrno = 0;
64
65 free (getbuf);
66 @@ -209,6 +219,7 @@ get_input_file (char const *filename, ch
67 {
68 instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
69 instat.st_size = 0;
70 + incontext = NULL;
71 }
72 else if (! S_ISREG (instat.st_mode))
73 fatal ("File %s is not a regular file -- can't patch",
74 diff -up patch-2.6.1/src/patch.c.selinux patch-2.6.1/src/patch.c
75 --- patch-2.6.1/src/patch.c.selinux 2011-02-08 11:29:34.586271450 +0000
76 +++ patch-2.6.1/src/patch.c 2011-02-08 11:29:34.606271646 +0000
77 @@ -421,6 +421,21 @@ main (int argc, char **argv)
78 /* Fails if we are not in group instat.st_gid. */
79 chown (outname, -1, instat.st_gid);
80 }
81 +
82 + if (! inerrno && incontext)
83 + {
84 + security_context_t outcontext;
85 + if (getfilecon (outname, &outcontext) != -1 &&
86 + outcontext &&
87 + strcmp(outcontext, incontext) &&
88 + setfilecon (outname, incontext) != 0)
89 + {
90 + if (errno != ENOTSUP && errno != EPERM)
91 + pfatal ("Can't set security context "
92 + "on file %s", quotearg (outname));
93 + }
94 + }
95 +
96 /* FIXME: There may be other attributes to preserve. */
97 }
98 }
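Review bot: The relabel in main is skipped whenever `getfilecon (outname, &outcontext)` fails or returns no label, because that call sits at the front of the `&&` chain, so the output can keep whatever default context it was created with even though the input had one. `outcontext` is also never passed to freecon(). I would read the current label only to decide whether the write is redundant, free it, and then call setfilecon() in every other case. EPERM is still dropped silently, which leaves a file whose label differs from the original without any message; that may be intended, given the chown above is handled the same way, but a comment saying so would help. main starts outside the hunk.

```c
  if (! inerrno && incontext)
    {
      security_context_t outcontext = NULL;
      bool relabel = true;

      /* Skip the write only when the label is known to match already.  */
      if (getfilecon (outname, &outcontext) != -1 && outcontext)
	relabel = strcmp (outcontext, incontext) != 0;
      freecon (outcontext);

      if (relabel && setfilecon (outname, incontext) != 0)
	{
	  /* ... unchanged: ENOTSUP/EPERM check and pfatal call ... */
	}
    }
```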
99 diff -up patch-2.6.1/src/pch.c.selinux patch-2.6.1/src/pch.c
100 --- patch-2.6.1/src/pch.c.selinux 2011-02-08 11:29:34.591271499 +0000
101 +++ patch-2.6.1/src/pch.c 2011-02-08 11:30:08.810621570 +0000
102 @@ -307,7 +307,12 @@ there_is_another_patch (bool need_header
103 inname[t - buf - 1] = 0;
104 if (stat (inname, &instat) == 0)
105 {
106 - inerrno = 0;
107 + inerrno = getfilecon (inname, &incontext) == -1 ? errno : 0;
108 + if (inerrno == ENODATA || inerrno == ENOTSUP)
109 + {
110 + inerrno = 0;
111 + incontext = NULL;
112 + }
113 invc = -1;
114 }
115 else
116 @@ -681,7 +686,7 @@ intuit_diff_type (bool need_header)
117 if (cs)
118 {
119 if (version_get (p_name[i], cs, false, readonly,
120 - getbuf, &st[i]))
121 + getbuf, &st[i], NULL))
122 stat_errno[i] = 0;
123 else
124 version_controlled[i] = 0;
125 @@ -746,6 +751,7 @@ intuit_diff_type (bool need_header)
126 invc = version_controlled[i];
127 instat = st[i];
128 validate_target_name (inname);
129 + getfilecon (inname, &incontext);
130 }
131
132 return retval;
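Review bot: The return value of `getfilecon (inname, &incontext)` is ignored at the end of intuit_diff_type, so on failure `incontext` may still hold the label read for a previous file. The block added to main in patch.c applies `incontext` to the output whenever `inerrno` is zero, so a stale value could put another file's context on the result; whether get_input_file always refreshes it first is not visible here. `if (getfilecon (inname, &incontext) == -1) incontext = NULL;` closes that gap. The function body starts outside the hunk.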
133 diff -up patch-2.6.1/src/util.c.selinux patch-2.6.1/src/util.c
134 --- patch-2.6.1/src/util.c.selinux 2009-11-02 19:09:57.000000000 +0000
135 +++ patch-2.6.1/src/util.c 2011-02-08 11:29:34.613271715 +0000
136 @@ -574,7 +574,8 @@ version_controller (char const *filename
137 Return true if successful. */
138 bool
139 version_get (char const *filename, char const *cs, bool exists, bool readonly,
140 - char const *getbuf, struct stat *filestat)
141 + char const *getbuf, struct stat *filestat,
142 + security_context_t *filecontext)
143 {
144 if (patch_get < 0)
145 {
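Review bot: The comment above version_get still ends at "Return true if successful." and says nothing about the new `filecontext` parameter. I would extend it with something like `If FILECONTEXT is nonnull, store the file's SELinux context there (NULL if the file has none); the caller frees it with freecon.` The nonnull condition matters because intuit_diff_type in pch.c passes NULL. The function body continues outside the hunk.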
146 @@ -599,6 +600,13 @@ version_get (char const *filename, char
147 fatal ("Can't get file %s from %s", quotearg (filename), cs);
148 if (stat (filename, filestat) != 0)
149 pfatal ("%s", quotearg (filename));
150 + if (filecontext && getfilecon (filename, filecontext) == -1)
151 + {
152 + if (errno == ENODATA || errno == ENOTSUP)
153 + *filecontext = NULL;
154 + else
155 + pfatal ("%s", quotearg (filename));
156 + }
157 }
158
159 return 1;
160 diff -up patch-2.6.1/src/util.h.selinux patch-2.6.1/src/util.h
161 --- patch-2.6.1/src/util.h.selinux 2009-11-02 19:09:57.000000000 +0000
162 +++ patch-2.6.1/src/util.h 2011-02-08 11:29:34.614271726 +0000
163 @@ -51,7 +51,7 @@ char *fetchname (char *, int, char **, t
164 char *savebuf (char const *, size_t);
165 char *savestr (char const *);
166 char const *version_controller (char const *, bool, struct stat const *, char **, char **);
167 -bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
168 +bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
169 int create_file (char const *, int, mode_t, bool);
170 int systemic (char const *);
171 char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], LINENUM);