packages/libuser
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 Solve build failure

Browse Source 
Merge pull request !3 from yixiangzhike/master
This commit is contained in:
openeuler-ci-bot 2020-07-30 20:57:56 +08:00 committed by Gitee
commit 9e05510632
2 changed files with 100 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
libuser-do-not-use-deprecated-flask.h-and-av_permissions.patch Normal file
View File

@ -0,0 +1,78 @@
From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Apr 07 2020 11:55:38 +0000
Subject: Do not use deprecated flask.h and av_permissions.h
selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
next SELinux release.
Use string_to_security_class() and string_to_av_perm() to get class and
permission values. The original hardcoded values could be invalid and are
deprecated as the whole flask.h and av_permissions.h header files.
Fixes: https://pagure.io/libuser/issue/44
---
diff --git a/apps/apputil.c b/apps/apputil.c
index 1937645..7413ab5 100644
--- a/apps/apputil.c
+++ b/apps/apputil.c
@@ -26,8 +26,6 @@
#include <unistd.h>
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-#include <selinux/av_permissions.h>
-#include <selinux/flask.h>
#include <selinux/context.h>
#endif
#include "../lib/error.h"
@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access)
retval = security_compute_av(user_context,
user_context,
- SECCLASS_PASSWD,
+ string_to_security_class("passwd"),
access, &avd);
if (retval == 0 && (avd.allowed & access) == access)
@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user,
#ifdef WITH_SELINUX
if (is_selinux_enabled() > 0) {
/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
- security_context_t user_context;
+ if (getuid() == 0) {
+ security_class_t class;
+ access_vector_t perm;
+ class = string_to_security_class("passwd");
+ perm = string_to_av_perm(class, "chfn");
+ if (check_access(user, perm) != 0) {
+ security_context_t user_context;
- if (getprevcon(&user_context) < 0)
- user_context = NULL;
- /* FIXME: "change the finger info?" */
- fprintf(stderr,
- _("%s is not authorized to change the finger "
- "info of %s\n"), user_context ? user_context
- : _("Unknown user context"), user);
- if (user_context != NULL)
- freecon(user_context);
- goto err;
+ if (getprevcon(&user_context) < 0)
+ user_context = NULL;
+ /* FIXME: "change the finger info?" */
+ fprintf(stderr,
+ _("%s is not authorized to change the finger "
+ "info of %s\n"), user_context ? user_context
+ : _("Unknown user context"), user);
+ if (user_context != NULL)
+ freecon(user_context);
+ goto err;
+ }
}
/* FIXME: is this right for lpasswd? */
if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) {

40
libuser.spec
View File

@ -1,18 +1,18 @@
Name : libuser Name: libuser
Version : 0.62 Version: 0.62
Release : 20 Release: 21
Summary : A user and group account administration library Summary: A user and group account administration library
License : LGPLv2+ License: LGPLv2+
URL : https://pagure.io/libuser URL: https://pagure.io/libuser
Source : http://releases.pagure.org/libuser/libuser-%{version}.tar.xz Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
# Patch1 : this patch is from fedora. # Patch0 : this patch is from fedora.
Patch1 : 0001-Fix-errors-with-Werror-format-security.patch Patch0: 0001-Fix-errors-with-Werror-format-security.patch
Patch1: 0009-Check-negative-return-of-PyList_Size.patch
Patch9000: 0009-Check-negative-return-of-PyList_Size.patch Patch2: 0010-files.c-Init-char-name-to-NULL.patch
Patch9001: 0010-files.c-Init-char-name-to-NULL.patch Patch3: 0011-merge_ent_array_duplicates-Only-use-values-if-valid.patch
Patch9002: 0011-merge_ent_array_duplicates-Only-use-values-if-valid.patch Patch4: 0012-editing_open-close-fd-after-we-ve-established-its-va.patch
Patch9003: 0012-editing_open-close-fd-after-we-ve-established-its-va.patch Patch5: libuser-do-not-use-deprecated-flask.h-and-av_permissions.patch
BuildRequires: cyrus-sasl-devel, nscd, linuxdoc-tools, pam-devel, popt-devel, gcc BuildRequires: cyrus-sasl-devel, nscd, linuxdoc-tools, pam-devel, popt-devel, gcc
BuildRequires: libselinux-devel, openldap-devel, python3-devel, glib2-devel, gdb BuildRequires: libselinux-devel, openldap-devel, python3-devel, glib2-devel, gdb
@ -65,11 +65,12 @@ Man pages and other related documents for %{name}
%setup -qc %setup -qc
pushd libuser-%{version} pushd libuser-%{version}
%patch0 -p1
%patch1 -p1 %patch1 -p1
%patch9000 -p1 %patch2 -p1
%patch9001 -p1 %patch3 -p1
%patch9002 -p1 %patch4 -p1
%patch9003 -p1 %patch5 -p1
popd popd
cp -dpR libuser-%{version} python2 || : cp -dpR libuser-%{version} python2 || :
@ -151,6 +152,9 @@ make -C python2 install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' || :
%{_mandir}/man5/* %{_mandir}/man5/*
%changelog %changelog
* Thu Jul 30 2020 zhangxingliang <zhangxingliang3@huawei.com> - 0.62-21
- do not use deprecated flask.h and av_permissions.h
* Sat Mar 21 2020 chengquan<chengquan3@huawei.com> - 0.62-20 * Sat Mar 21 2020 chengquan<chengquan3@huawei.com> - 0.62-20
- add necessary BuildRequires - add necessary BuildRequires