libsemanage: fix incorrect path for nologin

shadow package of oe-core and Debian has installed nologin into
/usr/sbin, so fix this path.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>

3 files changed, 43 insertions, 4 deletions

diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
new file mode 100644
index 0000000..7ce586b
--- /dev/null
+++ b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
@@ -0,0 +1,37 @@
+Subject: [PATCH] libsemange: fix incorrect path for nologin
+
+shadow package of oe-core and Debian has installed nologin into
+/usr/sbin, so fix this path.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
+---
+ src/genhomedircon.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/genhomedircon.c b/src/genhomedircon.c
+index 262a6cd..a50e03d 100644
+--- a/src/genhomedircon.c
++++ b/src/genhomedircon.c
+@@ -58,7 +58,7 @@
+ 
+ /* other paths */
+ #define PATH_SHELLS_FILE "/etc/shells"
+-#define PATH_NOLOGIN_SHELL "/sbin/nologin"
++#define PATH_NOLOGIN_SHELL "/usr/sbin/nologin"
+ 
+ /* comments written to context file */
+ #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
+@@ -392,7 +392,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
+ 
+                        /* NOTE: old genhomedircon printed a warning on match */
+                        if (hand.matched) {
+-                               WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
++                               WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+                        } else {
+                                if (semanage_list_push(&homedir_list, path))
+                                        goto fail;
+-- 
+1.7.9.5
+
diff --git a/recipes-security/selinux/libsemanage_2.1.6.bb b/recipes-security/selinux/libsemanage_2.1.6.bb
index a6825ff..978e72e 100644
--- a/recipes-security/selinux/libsemanage_2.1.6.bb
+++ b/recipes-security/selinux/libsemanage_2.1.6.bb
@@ -1,4 +1,4 @@
-PR = "r3"
+PR = "r4"
 
 include selinux_20120216.inc
 include ${BPN}.inc
@@ -11,4 +11,5 @@ SRC_URI[sha256sum] = "64e6849fe50fb463ec0ba24653a26e3452fa4aaa7d7e192213d5c5a7c5
 SRC_URI += "file://Fix-segfault-for-standard-policy.patch \
         file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
         file://libsemanage-semanage.conf-for-cross-compile.patch \
-        file://libsemanage-fix-path-len-limit.patch"
+        file://libsemanage-fix-path-len-limit.patch \
+        file://libsemanage-fix-path-nologin.patch"
diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb
index be4623d..562512c 100644
--- a/recipes-security/selinux/libsemanage_git.bb
+++ b/recipes-security/selinux/libsemanage_git.bb
@@ -1,4 +1,4 @@
-PR = "r3"
+PR = "r4"
 PV = "2.1.6+git${SRCPV}"
 
 include selinux_git.inc
@@ -9,4 +9,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 SRC_URI += "file://Fix-segfault-for-standard-policy.patch \
         file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
         file://libsemanage-semanage.conf-for-cross-compile.patch \
-        file://libsemanage-fix-path-len-limit.patch"
+        file://libsemanage-fix-path-len-limit.patch \
+        file://libsemanage-fix-path-nologin.patch"