commit: ad671b1fe2adfcedcb518c2c0b7abdba9e3ff158 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
AuthorDate: Wed Oct 25 08:32:38 2017 +0000 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
CommitDate: Sat Nov 4 07:18:33 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad671b1f |
|
sys-process/vixie-cron: remove unused patch |
|
.../vixie-cron/files/vixie-cron-4.1-selinux.diff | 117 --------------------- |
1 file changed, 117 deletions(-) |
|
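diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff
deleted file mode 100644
index a4621e2530d..00000000000
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff
+++ /dev/null
@@ -1,117 +0,0 @@
---- vixie-cron-3.0.1/Makefile.selinux 2003-05-20 14:52:06.000000000 -0400
-+++ vixie-cron-3.0.1/Makefile 2003-05-20 14:52:21.000000000 -0400
-@@ -71,7 +71,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $
- #<<want to use a nonstandard CC?>>
- #CC = vcc
- #<<manifest defines>>
--DEFS =
-+DEFS = -s -DWITH_SELINUX
-+LIBS += -lselinux
- #(SGI IRIX systems need this)
- #DEFS = -D_BSD_SIGNALS -Dconst=
- #<<the name of the BSD-like install program>>
---- vixie-cron-3.0.1/database.c.selinux 2003-05-20 14:52:56.000000000 -0400
-+++ vixie-cron-3.0.1/database.c 2003-05-23 13:27:24.898020960 -0400
-@@ -28,6 +28,15 @@
-
- #include "cron.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#define SYSUSERNAME "system_u"
-+#else
-+#define SYSUSERNAME "*system*"
-+#endif
-+
- #define TMAX(a,b) ((a)>(b)?(a):(b))
-
- static void process_crontab(const char *, const char *,
-@@ -217,7 +226,7 @@
- if (fname == NULL) {
- /* must be set to something for logging purposes.
- */
-- fname = "*system*";
-+ fname = SYSUSERNAME;
- } else if ((pw = getpwnam(uname)) == NULL) {
- /* file doesn't have a user in passwd file.
- */
-@@ -279,6 +288,43 @@
- free_user(u);
- log_it(fname, getpid(), "RELOAD", tabname);
- }
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t file_context=NULL;
-+ security_context_t user_context=NULL;
-+ struct av_decision avd;
-+ int retval=0;
-+
-+ if (fgetfilecon(crontab_fd, &file_context) < OK) {
-+ log_it(fname, getpid(), "getfilecon FAILED", tabname);
-+ goto next_crontab;
-+ }
-+
-+ /*
-+ * Since crontab files are not directly executed,
-+ * crond must ensure that the crontab file has
-+ * a context that is appropriate for the context of
-+ * the user cron job. It performs an entrypoint
-+ * permission check for this purpose.
-+ */
-+ if (get_default_context(fname, NULL, &user_context)) {
-+ log_it(fname, getpid(), "NO CONTEXT", tabname);
-+ freecon(file_context);
-+ goto next_crontab;
-+ }
-+ retval = security_compute_av(user_context,
-+ file_context,
-+ SECCLASS_FILE,
-+ FILE__ENTRYPOINT,
-+ &avd);
-+ freecon(user_context);
-+ freecon(file_context);
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
-+ goto next_crontab;
-+ }
-+ }
-+#endif
- u = load_user(crontab_fd, pw, fname);
- if (u != NULL) {
- u->mtime = statbuf->st_mtime;
---- vixie-cron-3.0.1/do_command.c.selinux 2003-05-20 14:53:12.000000000 -0400
-+++ vixie-cron-3.0.1/do_command.c 2003-05-20 14:58:06.000000000 -0400
-@@ -25,6 +25,10 @@
-
- #include "cron.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#endif
-+
- static void child_process(entry *, user *);
- static int safe_p(const char *, const char *);
-
-@@ -265,6 +269,20 @@
- _exit(OK_EXIT);
- }
- # endif /*DEBUGGING*/
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t scontext;
-+ if (get_default_context(u->name, NULL, &scontext)) {
-+ fprintf(stderr, "execle_secure: couldn't get security context for user %s\n", u->name);
-+ _exit(ERROR_EXIT);
-+ }
-+ if (setexeccon(scontext) < 0) {
-+ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name);
-+ _exit(ERROR_EXIT);
-+ }
-+ freecon(scontext);
-+ }
-+#endif
- execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
- fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
- perror("execl");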