| 1 |
commit: ad671b1fe2adfcedcb518c2c0b7abdba9e3ff158 |
| 2 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Wed Oct 25 08:32:38 2017 +0000 |
| 4 |
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Nov 4 07:18:33 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad671b1f |
| 7 |
|
| 8 |
sys-process/vixie-cron: remove unused patch |
| 9 |
|
| 10 |
.../vixie-cron/files/vixie-cron-4.1-selinux.diff | 117 --------------------- |
| 11 |
1 file changed, 117 deletions(-) |
| 12 |
|
| 13 |
diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff |
| 14 |
deleted file mode 100644 |
| 15 |
index a4621e2530d..00000000000 |
| 16 |
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux.diff |
| 17 |
+++ /dev/null |
| 18 |
@@ -1,117 +0,0 @@ |
| 19 |
---- vixie-cron-3.0.1/Makefile.selinux 2003-05-20 14:52:06.000000000 -0400 |
| 20 |
-+++ vixie-cron-3.0.1/Makefile 2003-05-20 14:52:21.000000000 -0400 |
| 21 |
-@@ -71,7 +71,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $ |
| 22 |
- #<<want to use a nonstandard CC?>> |
| 23 |
- #CC = vcc |
| 24 |
- #<<manifest defines>> |
| 25 |
--DEFS = |
| 26 |
-+DEFS = -s -DWITH_SELINUX |
| 27 |
-+LIBS += -lselinux |
| 28 |
- #(SGI IRIX systems need this) |
| 29 |
- #DEFS = -D_BSD_SIGNALS -Dconst= |
| 30 |
- #<<the name of the BSD-like install program>> |
| 31 |
---- vixie-cron-3.0.1/database.c.selinux 2003-05-20 14:52:56.000000000 -0400 |
| 32 |
-+++ vixie-cron-3.0.1/database.c 2003-05-23 13:27:24.898020960 -0400 |
| 33 |
-@@ -28,6 +28,15 @@ |
| 34 |
- |
| 35 |
- #include "cron.h" |
| 36 |
- |
| 37 |
-+#ifdef WITH_SELINUX |
| 38 |
-+#include <selinux/selinux.h> |
| 39 |
-+#include <selinux/flask.h> |
| 40 |
-+#include <selinux/av_permissions.h> |
| 41 |
-+#define SYSUSERNAME "system_u" |
| 42 |
-+#else |
| 43 |
-+#define SYSUSERNAME "*system*" |
| 44 |
-+#endif |
| 45 |
-+ |
| 46 |
- #define TMAX(a,b) ((a)>(b)?(a):(b)) |
| 47 |
- |
| 48 |
- static void process_crontab(const char *, const char *, |
| 49 |
-@@ -217,7 +226,7 @@ |
| 50 |
- if (fname == NULL) { |
| 51 |
- /* must be set to something for logging purposes. |
| 52 |
- */ |
| 53 |
-- fname = "*system*"; |
| 54 |
-+ fname = SYSUSERNAME; |
| 55 |
- } else if ((pw = getpwnam(uname)) == NULL) { |
| 56 |
- /* file doesn't have a user in passwd file. |
| 57 |
- */ |
| 58 |
-@@ -279,6 +288,43 @@ |
| 59 |
- free_user(u); |
| 60 |
- log_it(fname, getpid(), "RELOAD", tabname); |
| 61 |
- } |
| 62 |
-+#ifdef WITH_SELINUX |
| 63 |
-+ if (is_selinux_enabled()) { |
| 64 |
-+ security_context_t file_context=NULL; |
| 65 |
-+ security_context_t user_context=NULL; |
| 66 |
-+ struct av_decision avd; |
| 67 |
-+ int retval=0; |
| 68 |
-+ |
| 69 |
-+ if (fgetfilecon(crontab_fd, &file_context) < OK) { |
| 70 |
-+ log_it(fname, getpid(), "getfilecon FAILED", tabname); |
| 71 |
-+ goto next_crontab; |
| 72 |
-+ } |
| 73 |
-+ |
| 74 |
-+ /* |
| 75 |
-+ * Since crontab files are not directly executed, |
| 76 |
-+ * crond must ensure that the crontab file has |
| 77 |
-+ * a context that is appropriate for the context of |
| 78 |
-+ * the user cron job. It performs an entrypoint |
| 79 |
-+ * permission check for this purpose. |
| 80 |
-+ */ |
| 81 |
-+ if (get_default_context(fname, NULL, &user_context)) { |
| 82 |
-+ log_it(fname, getpid(), "NO CONTEXT", tabname); |
| 83 |
-+ freecon(file_context); |
| 84 |
-+ goto next_crontab; |
| 85 |
-+ } |
| 86 |
-+ retval = security_compute_av(user_context, |
| 87 |
-+ file_context, |
| 88 |
-+ SECCLASS_FILE, |
| 89 |
-+ FILE__ENTRYPOINT, |
| 90 |
-+ &avd); |
| 91 |
-+ freecon(user_context); |
| 92 |
-+ freecon(file_context); |
| 93 |
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { |
| 94 |
-+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname); |
| 95 |
-+ goto next_crontab; |
| 96 |
-+ } |
| 97 |
-+ } |
| 98 |
-+#endif |
| 99 |
- u = load_user(crontab_fd, pw, fname); |
| 100 |
- if (u != NULL) { |
| 101 |
- u->mtime = statbuf->st_mtime; |
| 102 |
---- vixie-cron-3.0.1/do_command.c.selinux 2003-05-20 14:53:12.000000000 -0400 |
| 103 |
-+++ vixie-cron-3.0.1/do_command.c 2003-05-20 14:58:06.000000000 -0400 |
| 104 |
-@@ -25,6 +25,10 @@ |
| 105 |
- |
| 106 |
- #include "cron.h" |
| 107 |
- |
| 108 |
-+#ifdef WITH_SELINUX |
| 109 |
-+#include <selinux/selinux.h> |
| 110 |
-+#endif |
| 111 |
-+ |
| 112 |
- static void child_process(entry *, user *); |
| 113 |
- static int safe_p(const char *, const char *); |
| 114 |
- |
| 115 |
-@@ -265,6 +269,20 @@ |
| 116 |
- _exit(OK_EXIT); |
| 117 |
- } |
| 118 |
- # endif /*DEBUGGING*/ |
| 119 |
-+#ifdef WITH_SELINUX |
| 120 |
-+ if (is_selinux_enabled()) { |
| 121 |
-+ security_context_t scontext; |
| 122 |
-+ if (get_default_context(u->name, NULL, &scontext)) { |
| 123 |
-+ fprintf(stderr, "execle_secure: couldn't get security context for user %s\n", u->name); |
| 124 |
-+ _exit(ERROR_EXIT); |
| 125 |
-+ } |
| 126 |
-+ if (setexeccon(scontext) < 0) { |
| 127 |
-+ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name); |
| 128 |
-+ _exit(ERROR_EXIT); |
| 129 |
-+ } |
| 130 |
-+ freecon(scontext); |
| 131 |
-+ } |
| 132 |
-+#endif |
| 133 |
- execle(shell, shell, "-c", e->cmd, (char *)0, e->envp); |
| 134 |
- fprintf(stderr, "execl: couldn't exec `%s'\n", shell); |
| 135 |
- perror("execl"); |
Archives