+selinux=auto)
+
+libsave="$LIBS"
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
+ AC_CHECK_HEADERS(selinux/selinux.h)
+ if test x$ac_cv_header_selinux_selinux_h = xno ; then
+ if test x$selinux = xyes ; then
+ fi
+fi
+
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
+ AC_CHECK_FUNC(setfscreatecon,,[AC_CHECK_LIB(selinux,setfscreatecon)])
+ if test x$ac_cv_func_setfscreatecon = xno ; then
+ if test x$ac_cv_lib_selinux_setfscreatecon = xno ; then
+ fi
+ fi
+fi
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
+ AC_DEFINE(SELINUX,1,[Define to have makedb set SELinux file contexts on created files.])
+fi
+
AC_CANONICAL_HOST
slibdir=NONE
case "$host" in
-@@ -100,5 +137,6 @@
+@@ -100,6 +137,7 @@
AC_SUBST(DB_CFLAGS)
AC_SUBST(DB_LIBS)
+AC_SUBST(SELINUX_LIBS)
AC_SUBST(slibdir)
- AC_OUTPUT(Makefile)
---- nss_db-2.2/src/Makefile.am 2004-10-20 13:47:22.207986040 -0400
-+++ nss_db-2.2/src/Makefile.am 2004-10-20 13:48:46.242210896 -0400
-@@ -28,7 +28,7 @@
+
+ dnl Internationalization macros.
+--- nss_db-2.2.3pre1/src/Makefile.am~ 2010-02-22 19:20:49.000000000 +0200
++++ nss_db-2.2.3pre1/src/Makefile.am 2010-02-22 19:22:25.691737306 +0200
+@@ -30,7 +30,7 @@
bin_PROGRAMS = makedb
makedb_SOURCES = makedb.c
-makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@
-+makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@ @SELINUX_LIBS@
++makedb_LDADD = db-compat.lo @DB_LIBS@ @SELINUX_LIBS@ @INTLLIBS@
# To mimmick the old glibc installation as closely as possible, we
# shuffle the installed library and the links to it around a bit,
---- nss_db-2.2/src/makedb.c 2004-10-20 13:52:02.814327392 -0400
-+++ nss_db-2.2/src/makedb.c 2004-10-20 14:06:07.605899552 -0400
+--- nss_db-2.2.3/src/makedb.c 2004-10-20 13:52:02.814327392 -0400
++++ nss_db-2.2.3/src/makedb.c 2004-10-20 14:06:07.605899552 -0400
@@ -32,6 +32,10 @@
#include <string.h>
#include <sys/stat.h>
if (status)
error (EXIT_FAILURE, 0, gettext ("cannot open output file `%s': %s"),
output_name, db_strerror (status));
-@@ -388,3 +400,44 @@
+@@ -388,3 +400,55 @@
return EXIT_SUCCESS;
}
+static void
+set_file_creation_context (const char *outname, mode_t mode)
+{
-+ static int enabled = -1;
++ static int enabled = -1, enforcing = -1;
+ security_context_t ctx;
+ /* Handle the "reset the context" case. */
+ if (outname == NULL)
+ {
+ return;
+ }
-+ /* Determine the context which the file should have. */
-+ ctx = NULL;
-+ if (matchpathcon (outname, S_IFREG | mode, &ctx) != 0)
++ /* Check if SELinux is enforcing, and remember. */
++ if (enforcing == -1)
+ {
-+ error (EXIT_FAILURE, 0,
-+ gettext ("cannot determine file context for `%s'"), outname);
++ enforcing = security_getenforce();
+ }
-+ if (ctx != NULL)
++ /* Determine the context which the file should have. */
++ ctx = NULL;
++ if ((matchpathcon (outname, S_IFREG | mode, &ctx) == 0) &&
++ (ctx != NULL))
+ {
+ if (setfscreatecon (ctx) != 0)
+ {
-+ error (EXIT_FAILURE, 0,
-+ gettext ("cannot set file creation context for `%s'"), outname);
++ if (enforcing)
++ {
++ error (EXIT_FAILURE, 0,
++ gettext ("cannot set file creation context for `%s'"),
++ outname);
++ }
++ else
++ {
++ error (0, 0,
++ gettext ("cannot set file creation context for `%s'"),
++ outname);
++ }
+ }
+ freecon (ctx);
+ }
projects / packages / nss_db.git / commitdiff