+++ /dev/null
-diff -up logrotate-3.7.6/logrotate.c.selinux logrotate-3.7.6/logrotate.c
---- logrotate-3.7.6/logrotate.c.selinux 2007-08-07 09:14:35.000000000 +0200
-+++ logrotate-3.7.6/logrotate.c 2008-01-21 09:32:56.000000000 +0100
-@@ -409,15 +409,17 @@ static int copyTruncate(char *currLog, c
- }
- #ifdef WITH_SELINUX
- if (selinux_enabled) {
-- security_context_t oldContext;
-+ security_context_t oldContext = NULL;
- if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
- if (getfscreatecon_raw(&prev_context) < 0) {
- message(MESS_ERROR,
- "getting default context: %s\n",
- strerror(errno));
- if (selinux_enforce) {
-- freecon(oldContext);
-- return 1;
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
-+ return 1;
- }
- }
- if (setfscreatecon_raw(oldContext) < 0) {
-@@ -425,11 +427,15 @@ static int copyTruncate(char *currLog, c
- "setting file context %s to %s: %s\n",
- saveLog, oldContext, strerror(errno));
- if (selinux_enforce) {
-- freecon(oldContext);
-- return 1;
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
-+ return 1;
- }
- }
-- freecon(oldContext);
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
- } else {
- if (errno != ENOTSUP) {
- message(MESS_ERROR, "getting file context %s: %s\n",
-@@ -899,6 +905,9 @@ int rotateSingleLog(logInfo * log, int l
- int hasErrors = 0;
- struct stat sb;
- int fd;
-+#ifdef WITH_SELINUX
-+ security_context_t savedContext = NULL;
-+#endif
-
- if (!state->doRotate)
- return 0;
-@@ -906,7 +915,57 @@ int rotateSingleLog(logInfo * log, int l
- if (!hasErrors) {
-
- if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
-- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
-+#ifdef WITH_SELINUX
-+ if (selinux_enabled) {
-+ security_context_t oldContext = NULL;
-+ int fdcurr = -1;
-+
-+ if ((fdcurr = open(log->files[logNum], O_RDWR)) < 0) {
-+ message(MESS_ERROR, "error opening %s: %s\n",
-+ log->files[logNum],
-+ strerror(errno));
-+ return 1;
-+ }
-+ if (fgetfilecon_raw(fdcurr, &oldContext) >= 0) {
-+ if (getfscreatecon_raw(&savedContext) < 0) {
-+ message(MESS_ERROR,
-+ "getting default context: %s\n",
-+ strerror(errno));
-+ if (selinux_enforce) {
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
-+ return 1;
-+ }
-+ }
-+ if (setfscreatecon_raw(oldContext) < 0) {
-+ message(MESS_ERROR,
-+ "setting file context %s to %s: %s\n",
-+ log->files[logNum], oldContext, strerror(errno));
-+ if (selinux_enforce) {
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
-+ return 1;
-+ }
-+ }
-+ message(MESS_DEBUG, "fscreate context set to %s\n",
-+ oldContext);
-+ if (oldContext != NULL) {
-+ freecon(oldContext);
-+ }
-+ } else {
-+ if (errno != ENOTSUP) {
-+ message(MESS_ERROR, "getting file context %s: %s\n",
-+ log->files[logNum], strerror(errno));
-+ if (selinux_enforce) {
-+ return 1;
-+ }
-+ }
-+ }
-+ }
-+#endif
-+ message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum],
- rotNames->finalName);
-
- if (!debug && !hasErrors &&
-@@ -961,6 +1020,15 @@ int rotateSingleLog(logInfo * log, int l
- close(fd);
- }
- }
-+#ifdef WITH_SELINUX
-+ if (selinux_enabled) {
-+ setfscreatecon_raw(savedContext);
-+ if (savedContext != NULL) {
-+ freecon(savedContext);
-+ savedContext = NULL;
-+ }
-+ }
-+#endif
-
- if (!hasErrors
- && log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))
projects / packages / logrotate.git / commitdiff