Diffstat (limited to 'sys-process')
-rw-r--r-- | sys-process/vixie-cron/ChangeLog | 10 | ||||
-rw-r--r-- | sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff | 134 | ||||
-rw-r--r-- | sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff.bz2 | bin | 1853 -> 0 bytes | |||
-rw-r--r-- | sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild | 6 | ||||
-rw-r--r-- | sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild | 6 |
5 files changed, 148 insertions, 8 deletions
diff --git a/sys-process/vixie-cron/ChangeLog b/sys-process/vixie-cron/ChangeLog
index 7c9627b67036..c5133c0488f0 100644
--- a/sys-process/vixie-cron/ChangeLog
+++ b/sys-process/vixie-cron/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-process/vixie-cron -# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/ChangeLog,v 1.22 2005/12/25 15:39:49 flameeyes Exp $ +# Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/ChangeLog,v 1.23 2006/01/28 18:53:32 blubb Exp $ + + 28 Jan 2006; Simon Stelling <blubb@gentoo.org> + +files/vixie-cron-3.0.1-selinux.diff, + -files/vixie-cron-3.0.1-selinux.diff.bz2, vixie-cron-3.0.1-r4.ebuild, + vixie-cron-3.0.1-r5.ebuild: + no need to bzip smallish patches 25 Dec 2005; Diego Pettenò <flameeyes@gentoo.org> vixie-cron-4.1-r8.ebuild:
diff --git a/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff b/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff
new file mode 100644
index 000000000000..eb8111986bf9
--- /dev/null
+++ b/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff
@@ -0,0 +1,134 @@
+--- vixie-cron-3.0.1/Makefile.selinux 2003-05-20 14:52:06.000000000 -0400
++++ vixie-cron-3.0.1/Makefile 2003-05-20 14:52:21.000000000 -0400
+@@ -71,7 +71,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $
+ #<<want to use a nonstandard CC?>>
+ #CC = vcc
+ #<<manifest defines>>
+-DEFS = -s
++DEFS = -s -DWITH_SELINUX
++LIBS += -lselinux
+ #(SGI IRIX systems need this)
+ #DEFS = -D_BSD_SIGNALS -Dconst=
+ #<<the name of the BSD-like install program>>
+--- vixie-cron-3.0.1/database.c.selinux 2003-05-20 14:52:56.000000000 -0400
++++ vixie-cron-3.0.1/database.c 2003-05-23 13:27:24.898020960 -0400
+@@ -28,6 +28,15 @@ static char rcsid[] = "$Id: database.c,v
+ #include <sys/stat.h>
+ #include <sys/file.h>
+
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/flask.h>
++#include <selinux/av_permissions.h>
++#define SYSUSERNAME "system_u"
++#else
++#define SYSUSERNAME "*system*"
++#endif
++
+
+ #define TMAX(a,b) ((a)>(b)?(a):(b))
+
+@@ -94,7 +103,7 @@ load_database(old_db)
+ new_db.head = new_db.tail = NULL;
+
+ if (syscron_stat.st_mtime) {
+- process_crontab("root", "*system*",
++ process_crontab("root", SYSUSERNAME,
+ SYSCRONTAB, &syscron_stat,
+ &new_db, old_db);
+ }
+@@ -136,7 +145,7 @@ load_database(old_db)
+
+ snprintf(tabname, MAXNAMLEN+1, "/etc/cron.d/%s", fname);
+
+- process_crontab("root", "*system*", tabname,
++ process_crontab("root", SYSUSERNAME, tabname,
+ &crond_stat, &new_db, old_db);
+ }
+ closedir(dir);
+@@ -253,7 +262,7 @@ process_crontab(uname, fname, tabname, s
+ int crontab_fd = OK - 1;
+ user *u;
+
+- if (strcmp(fname, "*system*") && !(pw = getpwnam(uname))) {
++ if (strcmp(fname, SYSUSERNAME) && !(pw = getpwnam(uname))) {
+ /* file doesn't have a user in passwd file.
+ */
+ log_it(fname, getpid(), "ORPHAN", "no passwd entry");
+@@ -297,6 +306,43 @@ process_crontab(uname, fname, tabname, s
+ free_user(u);
+ log_it(fname, getpid(), "RELOAD", tabname);
+ }
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t file_context=NULL;
++ security_context_t user_context=NULL;
++ struct av_decision avd;
++ int retval=0;
++
++ if (fgetfilecon(crontab_fd, &file_context) < OK) {
++ log_it(fname, getpid(), "getfilecon FAILED", tabname);
++ goto next_crontab;
++ }
++
++ /*
++ * Since crontab files are not directly executed,
++ * crond must ensure that the crontab file has
++ * a context that is appropriate for the context of
++ * the user cron job. It performs an entrypoint
++ * permission check for this purpose.
++ */
++ if (get_default_context(fname, NULL, &user_context)) {
++ log_it(fname, getpid(), "NO CONTEXT", tabname);
++ freecon(file_context);
++ goto next_crontab;
++ }
++ retval = security_compute_av(user_context,
++ file_context,
++ SECCLASS_FILE,
++ FILE__ENTRYPOINT,
++ &avd);
++ freecon(user_context);
++ freecon(file_context);
++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
++ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
++ goto next_crontab;
++ }
++ }
++#endif
+ u = load_user(crontab_fd, pw, fname);
+ if (u != NULL) {
+ u->mtime = statbuf->st_mtime;
+--- vixie-cron-3.0.1/do_command.c.selinux 2003-05-20 14:53:12.000000000 -0400
++++ vixie-cron-3.0.1/do_command.c 2003-05-20 14:58:06.000000000 -0400
+@@ -29,6 +29,9 @@ static char rcsid[] = "$Id: do_command.c
+ # include <syslog.h>
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif
+
+ static void child_process __P((entry *, user *)),
+ do_univ __P((user *));
+@@ -251,6 +254,20 @@ child_process(e, u)
+ */
+ (void) signal(SIGCHLD, SIG_DFL);
+ #endif
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t scontext;
++ if (get_default_context(u->name, NULL, &scontext)) {
++ fprintf(stderr, 
"execle_secure: couldn't get security context for user %s\n", u->name);
++ _exit(ERROR_EXIT);
++ }
++ if (setexeccon(scontext) < 0) {
++ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name);
++ _exit(ERROR_EXIT);
++ }
++ freecon(scontext);
++ }
++#endif
+ execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
+ fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
+ perror("execl");
diff --git a/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff.bz2 b/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff.bz2
Binary files differ
deleted file mode 100644
index 9fbbcf8d8cd0..000000000000
--- a/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff.bz2
+++ /dev/null
diff --git a/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild b/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild
index 67b1825e3147..5b50a7e974c6 100644
--- a/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild
+++ b/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild
@@ -1,12 +1,12 @@
-# Copyright 1999-2005 Gentoo Foundation +# Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild,v 1.1 2005/03/04 23:59:48 ciaranm Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/vixie-cron-3.0.1-r4.ebuild,v 1.2 2006/01/28 18:53:32 blubb Exp $ inherit eutils IUSE="selinux" -SELINUX_PATCH="${P}-selinux.diff.bz2" +SELINUX_PATCH="${P}-selinux.diff" DESCRIPTION="The Vixie cron daemon" HOMEPAGE="http://www.vix.com/"
diff --git a/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild b/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild
index 5a905fb2ef0e..b93e78689bb9 100644
--- a/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild
+++ b/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild
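Review bot: In the `@@ -297,6 +306,43 @@ process_crontab` hunk of database.c the crontab is rejected on `(FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT` taken straight from `security_compute_av()`, with no look at the system's enforcing mode, so in permissive mode a crontab the policy does not allow appears to be dropped outright rather than loaded and audited as the kernel would do; the child-side `setexeccon()` in do_command.c, by contrast, leaves that decision to the kernel. If the asymmetry is not intended, gate the rejection on `security_getenforce() > 0` and only `log_it(...)` the denial otherwise. The check also runs only on the (re)load path — the unchanged-mtime branch just above the hunk reuses the cached entry — so a relabelled crontab or a policy change is not re-evaluated until the file's mtime changes, which deserves a comment such as `/* entrypoint check is repeated only when the crontab is (re)loaded */`. Both `get_default_context()` calls pass a Linux login name (`fname`, `u->name`) where libselinux expects an SELinux user identity, which only works where the two coincide — confirm against the target policy or map through `getseuserbyname()` first. `process_crontab` and `child_process` both extend beyond the inner hunks shown.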
@@ -1,12 +1,12 @@
-# Copyright 1999-2005 Gentoo Foundation +# Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild,v 1.1 2005/03/04 23:59:48 ciaranm Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/vixie-cron-3.0.1-r5.ebuild,v 1.2 2006/01/28 18:53:32 blubb Exp $ inherit eutils IUSE="selinux pam" -SELINUX_PATCH="${P}-selinux.diff.bz2" +SELINUX_PATCH="${P}-selinux.diff" DESCRIPTION="The Vixie cron daemon" HOMEPAGE="http://www.vix.com/" |