-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The libsemanage patch I sent attempts a link before doing the copy. The idea here is to save space whenever possible. The big win is when we create the sandbox. Since this copies all of the module files even though it usually does not replace them. The link can cause a problem where it links to files together with different file context. For example, on initial install the /etc/selinux/targeted/seusers file ends up a link to /etc/selinux/targeted/modules/active/seusers. We end up with the file labeled semanage_store_t, instead of selinux_config_t and login programs are not allowed to read the file. This patch removes the link code, and only does it for the copy_dir, which is used to make a copy of the sandbox. The sandbox and active have the same label so this is not a problem. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklwgYsACgkQrlYvE4MpobNSFwCfQW+xZBSg/tR80dLOAWpYUsOF SMEAn3GydbE2uQODqGF2ehNzwo46t75a =q8c3 -----END PGP SIGNATURE-----
diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.31/src/semanage_store.c
--- nsalibsemanage/src/semanage_store.c 2009-01-13 08:45:35.000000000 -0500
+++ libsemanage-2.0.31/src/semanage_store.c 2009-01-15 15:53:46.000000000 -0500
@@ -440,8 +440,6 @@
char tmp[PATH_MAX];
char buf[4192];
- if (link(src,dst) == 0) return 0;
-
n = snprintf(tmp, PATH_MAX, "%s.tmp", dst);
if (n < 0 || n >= PATH_MAX)
return -1;
@@ -509,7 +507,8 @@
goto cleanup;
}
} else if (S_ISREG(sb.st_mode)) {
- if (semanage_copy_file(path, path2, sb.st_mode) == -1) {
+ if ((link(path,path2) == -1) &&
+ (semanage_copy_file(path, path2, sb.st_mode) == -1)) {
goto cleanup;
}
}
Attachment:
libsemanage-rhat.patch.sig
Description: PGP signature
