From 3570272cd765f271ca3b88556759a83d4bedc950 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Fri, 8 Feb 2013 15:16:07 +0800 Subject: libsemanage: fix incorrect path for nologin shadow package of oe-core and Debian has installed nologin into /usr/sbin, so fix this path. Signed-off-by: Xin Ouyang --- .../libsemanage/libsemanage-fix-path-nologin.patch | 37 ++++++++++++++++++++++ recipes-security/selinux/libsemanage_2.1.6.bb | 5 +-- recipes-security/selinux/libsemanage_git.bb | 5 +-- 3 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch new file mode 100644 index 0000000..7ce586b --- /dev/null +++ b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch @@ -0,0 +1,37 @@ +Subject: [PATCH] libsemange: fix incorrect path for nologin + +shadow package of oe-core and Debian has installed nologin into +/usr/sbin, so fix this path. + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Xin Ouyang +--- + src/genhomedircon.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/genhomedircon.c b/src/genhomedircon.c +index 262a6cd..a50e03d 100644 +--- a/src/genhomedircon.c ++++ b/src/genhomedircon.c +@@ -58,7 +58,7 @@ + + /* other paths */ + #define PATH_SHELLS_FILE "/etc/shells" +-#define PATH_NOLOGIN_SHELL "/sbin/nologin" ++#define PATH_NOLOGIN_SHELL "/usr/sbin/nologin" + + /* comments written to context file */ + #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \ +@@ -392,7 +392,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) + + /* NOTE: old genhomedircon printed a warning on match */ + if (hand.matched) { +- WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid); ++ WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid); + } else { + if (semanage_list_push(&homedir_list, path)) + goto fail; +-- +1.7.9.5 + diff --git a/recipes-security/selinux/libsemanage_2.1.6.bb b/recipes-security/selinux/libsemanage_2.1.6.bb index a6825ff..978e72e 100644 --- a/recipes-security/selinux/libsemanage_2.1.6.bb +++ b/recipes-security/selinux/libsemanage_2.1.6.bb @@ -1,4 +1,4 @@ -PR = "r3" +PR = "r4" include selinux_20120216.inc include ${BPN}.inc @@ -11,4 +11,5 @@ SRC_URI[sha256sum] = "64e6849fe50fb463ec0ba24653a26e3452fa4aaa7d7e192213d5c5a7c5 SRC_URI += "file://Fix-segfault-for-standard-policy.patch \ file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ file://libsemanage-semanage.conf-for-cross-compile.patch \ - file://libsemanage-fix-path-len-limit.patch" + file://libsemanage-fix-path-len-limit.patch \ + file://libsemanage-fix-path-nologin.patch" diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb index be4623d..562512c 100644 --- a/recipes-security/selinux/libsemanage_git.bb +++ b/recipes-security/selinux/libsemanage_git.bb @@ -1,4 +1,4 @@ -PR = "r3" +PR = "r4" PV = "2.1.6+git${SRCPV}" include selinux_git.inc @@ -9,4 +9,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" SRC_URI += "file://Fix-segfault-for-standard-policy.patch \ file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ file://libsemanage-semanage.conf-for-cross-compile.patch \ - file://libsemanage-fix-path-len-limit.patch" + file://libsemanage-fix-path-len-limit.patch \ + file://libsemanage-fix-path-nologin.patch" -- cgit v1.2.3-54-g00ecf