dpkg (1.13.10) unstable; urgency=low

The "Bully's Special Prize" Release. * Removed /usr/sbin/start-stop-daemon. Closes: #313400. * Fixed md5sum diversion removal. Closes: #313415. * Fixed dpkg-source to handle native tarballs with a Debian revision. Closes: #313381, #313433. * Fixed upgrade from pre-sarge dpkg outside of dselect. Closes: #314575. * Changed log times to be local rather than UTC. Closes: #313347. * Changed log writing to be line-buffered. Closes: #314550. * Moved log creation to postinst, and don't fail if base-passwd hasn't been configured yet. Closes: #316084. * Don't try to compile in SELinux support on Hurd. Closes: #313398. * Place code for SELinux support in the right place so it will actually get compiled in and used (Manoj Srivastava). Closes: #314886. * Documentation: - Added missing word to dpkg-architecture manpage. Closes: #313554. - Reference to dpkg manpage in dpkg.cfg corrected. Closes: #314262. * Updated Translations (Christian Perrier): - Basque (Piarres Beobide Egana). Closes: #313474. - Catalan (Jordi Mallach). Closes: #313288. - Czech (Miroslav Kure). Closes: #314431. - Danish (Claus Hindsgaul). - French (Christian Perrier). - German (Jens Seidel). Closes: #314125. - Greek (Greek team). Closes: #314828. - Italian (Lele Gaifax). - Japanese (Kenshi Muto). Closes: #313330. - Russian (Yuri Kozlov). Closes: #313620. * Hebrew translation de-activated on request of the translator until there is better support for RTL languages. Closes: #313282. -- Scott James Remnant <scott@netsplit.com> Tue, 28 Jun 2005 14:19:06 +0100
author: Scott James Remnant <scott@netsplit.com> 2005-06-28 14:19:06 +0100
committer: Scott James Remnant <scott@netsplit.com> 2005-06-28 14:19:06 +0100
commit: baa3c192761f69c5413d230c26fd2f56d79f7193 (patch)
tree: 3dc47cbc4e66a665a8853c6098d149b5cfff0132 /src
parent: 3748a23e47c1af76f291f3c4caa98eefc45ff508 (diff)
download: dpkg-baa3c192761f69c5413d230c26fd2f56d79f7193.tar.gz
1 files changed, 62 insertions, 0 deletions
diff --git a/src/archives.c b/src/archives.c
index d57f69322..3c8b78e64 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -43,6 +43,12 @@
 #include <tarfn.h>
 #include <myopt.h>
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+static security_context_t scontext    = NULL;
+#endif
+
 #include "filesdb.h"
 #include "main.h"
 #include "archives.h"
@@ -515,6 +521,38 @@ int tarobject(struct TarInfo *ti) {
    */
   push_cleanup(cu_installnew,~ehflag_normaltidy, 0,0, 1,(void*)nifd);
 
+#ifdef WITH_SELINUX
+  /* Set selinux_enabled if it is not already set (singleton) */
+  if (selinux_enabled < 0)
+    selinux_enabled = (is_selinux_enabled() > 0);
+
+  /* Since selinux is enabled, try and set the context */
+  if (selinux_enabled > 0) {
+    /*
+     * well, we could use
+     *   void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
+     * to redirect the errors from the following bit, but that
+     * seems too much effort.
+     */
+
+    /*
+     * Do nothing if we can't figure out what the context is,
+     * or if it has no context; in which case the default
+     * context shall be applied.
+     */
+    if( ! ((matchpathcon(fnamevb.buf,
+                         (nifd->namenode->statoverride ?
+                          nifd->namenode->statoverride->mode : ti->Mode)
+                         & ~S_IFMT, &scontext) != 0) ||
+           (strcmp(scontext, "<<none>>") == 0)))
+     {
+       if(setfscreatecon(scontext) < 0)
+	 perror("Error setting security context for file object:");
+     }
+  }
+#endif /* WITH_SELINUX */
+
+
   /* Extract whatever it is as .dpkg-new ... */
   switch (ti->Type) {
   case NormalFile0: case NormalFile1:
@@ -655,9 +693,33 @@ int tarobject(struct TarInfo *ti) {
     }
   }
 
+#ifdef WITH_SELINUX
+  /*
+   * if selinux is enabled, try and set the default security context
+   * for the renamed file
+   */
+  if (selinux_enabled > 0)
+    if(scontext) {
+       if(setfscreatecon(scontext) < 0)
+         perror("Error setting security context for next file object:");
+       freecon(scontext);
+     }
+        
+#endif /* WITH_SELINUX */
+
   if (rename(fnamenewvb.buf,fnamevb.buf))
     ohshite(_("unable to install new version of `%.255s'"),ti->Name);
 
+#ifdef WITH_SELINUX
+  /*
+   * if selinux is enabled, restore the default security context
+   */
+  if (selinux_enabled > 0)
+    if(setfscreatecon(NULL) < 0)
+      perror("Error restoring default security context:");
+#endif /* WITH_SELINUX */
+
+
   nifd->namenode->flags |= fnnf_elide_other_lists;
 
   debug(dbg_eachfiledetail,"tarobject done and installed");
author	Scott James Remnant <scott@netsplit.com>	2005-06-28 14:19:06 +0100
committer	Scott James Remnant <scott@netsplit.com>	2005-06-28 14:19:06 +0100
commit	baa3c192761f69c5413d230c26fd2f56d79f7193 (patch)
tree	3dc47cbc4e66a665a8853c6098d149b5cfff0132 /src
parent	3748a23e47c1af76f291f3c4caa98eefc45ff508 (diff)
download	dpkg-baa3c192761f69c5413d230c26fd2f56d79f7193.tar.gz