From: Elan Ruusamäe <glen@pld-linux.org>
Date: Mon, 22 Feb 2010 17:23:16 +0000 (+0000)
Subject: - update from fc
X-Git-Tag: auto/ac/nss_db-2_2_3-0_pre1_10~2
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?p=packages%2Fnss_db.git;a=commitdiff_plain;h=0367a2eda93259392540979aa5acdac91e77ab5f

- update from fc

Changed files:
    nss_db-selinux.patch -> 1.2
---

diff --git a/nss_db-selinux.patch b/nss_db-selinux.patch
index 7000025..a8fdaf9 100644
--- a/nss_db-selinux.patch
+++ b/nss_db-selinux.patch
@@ -12,7 +12,7 @@ Note that this does *not* change the context of existing files.
 +selinux=auto)
 +
 +libsave="$LIBS"
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_CHECK_HEADERS(selinux/selinux.h)
 +  if test x$ac_cv_header_selinux_selinux_h = xno ; then
 +    if test x$selinux = xyes ; then
@@ -24,7 +24,7 @@ Note that this does *not* change the context of existing files.
 +  fi
 +fi
 +
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_CHECK_FUNC(setfscreatecon,,[AC_CHECK_LIB(selinux,setfscreatecon)])
 +  if test x$ac_cv_func_setfscreatecon = xno ; then
 +    if test x$ac_cv_lib_selinux_setfscreatecon = xno ; then
@@ -37,7 +37,7 @@ Note that this does *not* change the context of existing files.
 +    fi
 +  fi
 +fi
-+if test x$selinux != no ; then
++if test x$selinux != xno ; then
 +  AC_DEFINE(SELINUX,1,[Define to have makedb set SELinux file contexts on created files.])
 +fi
 +
@@ -47,26 +47,27 @@ Note that this does *not* change the context of existing files.
  AC_CANONICAL_HOST
  slibdir=NONE
  case "$host" in
-@@ -100,5 +137,6 @@
+@@ -100,6 +137,7 @@
  
  AC_SUBST(DB_CFLAGS)
  AC_SUBST(DB_LIBS)
 +AC_SUBST(SELINUX_LIBS)
  AC_SUBST(slibdir)
- AC_OUTPUT(Makefile)
---- nss_db-2.2/src/Makefile.am	2004-10-20 13:47:22.207986040 -0400
-+++ nss_db-2.2/src/Makefile.am	2004-10-20 13:48:46.242210896 -0400
-@@ -28,7 +28,7 @@
+ 
+ dnl Internationalization macros.
+--- nss_db-2.2.3pre1/src/Makefile.am~	2010-02-22 19:20:49.000000000 +0200
++++ nss_db-2.2.3pre1/src/Makefile.am	2010-02-22 19:22:25.691737306 +0200
+@@ -30,7 +30,7 @@
  
  bin_PROGRAMS = makedb
  makedb_SOURCES = makedb.c
 -makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@
-+makedb_LDADD = db-compat.lo @DB_LIBS@ @INTLLIBS@ @SELINUX_LIBS@
++makedb_LDADD = db-compat.lo @DB_LIBS@ @SELINUX_LIBS@ @INTLLIBS@
  
  # To mimmick the old glibc installation as closely as possible, we
  # shuffle the installed library and the links to it around a bit,
---- nss_db-2.2/src/makedb.c	2004-10-20 13:52:02.814327392 -0400
-+++ nss_db-2.2/src/makedb.c	2004-10-20 14:06:07.605899552 -0400
+--- nss_db-2.2.3/src/makedb.c	2004-10-20 13:52:02.814327392 -0400
++++ nss_db-2.2.3/src/makedb.c	2004-10-20 14:06:07.605899552 -0400
 @@ -32,6 +32,10 @@
  #include <string.h>
  #include <sys/stat.h>
@@ -102,7 +103,7 @@ Note that this does *not* change the context of existing files.
    if (status)
      error (EXIT_FAILURE, 0, gettext ("cannot open output file `%s': %s"),
  	   output_name, db_strerror (status));
-@@ -388,3 +400,44 @@
+@@ -388,3 +400,55 @@
  
    return EXIT_SUCCESS;
  }
@@ -112,7 +113,7 @@ Note that this does *not* change the context of existing files.
 +static void
 +set_file_creation_context (const char *outname, mode_t mode)
 +{
-+  static int enabled = -1;
++  static int enabled = -1, enforcing = -1;
 +  security_context_t ctx;
 +  /* Handle the "reset the context" case. */
 +  if (outname == NULL)
@@ -129,19 +130,30 @@ Note that this does *not* change the context of existing files.
 +    {
 +      return;
 +    }
-+  /* Determine the context which the file should have. */
-+  ctx = NULL;
-+  if (matchpathcon (outname, S_IFREG | mode, &ctx) != 0)
++  /* Check if SELinux is enforcing, and remember. */
++  if (enforcing == -1)
 +    {
-+      error (EXIT_FAILURE, 0,
-+             gettext ("cannot determine file context for `%s'"), outname);
++      enforcing = security_getenforce();
 +    }
-+  if (ctx != NULL)
++  /* Determine the context which the file should have. */
++  ctx = NULL;
++  if ((matchpathcon (outname, S_IFREG | mode, &ctx) == 0) &&
++      (ctx != NULL))
 +    {
 +      if (setfscreatecon (ctx) != 0)
 +        {
-+          error (EXIT_FAILURE, 0,
-+                 gettext ("cannot set file creation context for `%s'"), outname);
++          if (enforcing)
++            {
++              error (EXIT_FAILURE, 0,
++                     gettext ("cannot set file creation context for `%s'"),
++                     outname);
++            }
++          else
++            {
++              error (0, 0,
++                     gettext ("cannot set file creation context for `%s'"),
++                     outname);
++            }
 +        }
 +      freecon (ctx);
 +    }