Diffstat (limited to 'debian/patches/cppw-add-selinux-support.patch')
-rw-r--r-- | debian/patches/cppw-add-selinux-support.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/debian/patches/cppw-add-selinux-support.patch b/debian/patches/cppw-add-selinux-support.patch
new file mode 100644
index 0000000..0e0566d
--- /dev/null
+++ b/debian/patches/cppw-add-selinux-support.patch
@@ -0,0 +1,65 @@
+From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
+Date: Sat, 22 Jun 2024 17:39:41 +0200
+Subject: cppw: add selinux support
+
+Status wrt upstream: cppw is not available upstream.
+Needs to be reviewed by an SE-Linux aware person.
+
+Gbp-Topic: debian
+---
+ src/cppw.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/src/cppw.c b/src/cppw.c
+index beb4c36..2cbbbc0 100644
+--- a/src/cppw.c
++++ b/src/cppw.c
+@@ -34,6 +34,9 @@
+ #include <sys/types.h>
+ #include <signal.h>
+ #include <utime.h>
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif /* WITH_SELINUX */
+ #include "exitcodes.h"
+ #include "prototypes.h"
+ #include "pwio.h"
+@@ -139,6 +142,22 @@ static void cppwcopy (const char *file,
+ if (access (file, F_OK) != 0) {
+ cppwexit (file, 1, 1);
+ }
++#ifdef WITH_SELINUX
++ /* if SE Linux is enabled then set the context of all new files
++ * to be the context of the file we are editing */
++ if (is_selinux_enabled () > 0) {
++ security_context_t passwd_context=NULL;
++ int ret = 0;
++ if (getfilecon (file, &passwd_context) < 0) {
++ cppwexit (_("Couldn't get file context"), errno, 1);
++ }
++ ret = setfscreatecon (passwd_context);
++ freecon (passwd_context);
++ if (0 != ret) {
++ cppwexit (_("setfscreatecon () failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
+ if (file_lock () == 0) {
+ cppwexit (_("Couldn't lock file"), 0, 5);
+ }
+@@ -167,6 +186,15 @@ static void cppwcopy (const char *file,
+ cppwexit (NULL,0,1);
+ }
+
++#ifdef WITH_SELINUX
++ /* unset the fscreatecon */
++ if (is_selinux_enabled () > 0) {
++ if (setfscreatecon (NULL)) {
++ cppwexit (_("setfscreatecon() failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
++
+ (*file_unlock) ();
+ }
+ |
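Review bot: The first added block in the `@@ -139,6 +142,22 @@` hunk reads the label with `getfilecon (file, &passwd_context)`, but its comment speaks of "the file we are editing" and the `access (file, F_OK)` check just above suggests `file` is the input being copied, so the replacement database may end up with the input file's SELinux label instead of the label of the passwd/shadow file it replaces. cppwcopy's remaining parameters and the code that creates the new file are outside the hunk, so this needs confirming; if it holds, query the destination instead, e.g. `getfilecon (<destination path>, &passwd_context)`, and correct the comment. Separately, `errno` is passed to cppwexit only after `freecon (passwd_context)` has run, so it is safer to save it right after the call: `ret = setfscreatecon (passwd_context); saved_errno = errno;`. `security_context_t` is a deprecated typedef in current libselinux; `char *passwd_context = NULL;` is the equivalent declaration.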