Your message dated Tue, 28 Jun 2005 09:47:16 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#314886: fixed in dpkg 1.13.10
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Jun 2005 06:55:39 +0000
>From [EMAIL PROTECTED] Sat Jun 18 23:55:39 2005
Return-path: <[EMAIL PROTECTED]>
Received: from host-12-107-230-171.dtccom.net
(glaurung.internal.golden-gryphon.com) [12.107.230.171]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DjtiU-000299-00; Sat, 18 Jun 2005 23:55:38 -0700
Received: from glaurung.internal.golden-gryphon.com ([EMAIL PROTECTED]
[127.0.0.1])
by glaurung.internal.golden-gryphon.com (8.13.4/8.13.4/Debian-3) with
ESMTP id j5J6kpZZ028437
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <[EMAIL PROTECTED]>; Sun, 19 Jun 2005 01:46:51 -0500
Received: (from [EMAIL PROTECTED])
by glaurung.internal.golden-gryphon.com (8.13.4/8.13.4/Submit) id
j5J6kpxq028436;
Sun, 19 Jun 2005 01:46:51 -0500
X-Authentication-Warning: glaurung.internal.golden-gryphon.com: srivasta set
sender to [EMAIL PROTECTED] using -f
From: Manoj Srivastava <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: dpkg: Please apply this patch to enable SELinux support (for
src/archive.c)
Organization: Manoj Srivastava's Home
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)
(i686-pc-linux-gnu)
X-Debbugs-CC: Manoj Srivastava <[EMAIL PROTECTED]>
X-URL: http://www.golden-gryphon.com/
Mail-Copies-To: nobody
Date: Sun, 19 Jun 2005 01:46:51 -0500
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-CRM114-Score: -68.7837
X-CRM114-Status: Good ( pR: -68.7837 )
X-SA-Orig: -9.899, -68.7837
X-Spam-Value: -18.1647611111111
X-Grey: White
X-SA-Rep: -18.1647611111111 ALL_TRUSTED,BAYES_00,HASHCASH_25
X-Scanned-By: MIMEDefang version 2.51 (www . roaringpenguin . com / mimedefang)
on 192.168.1.10
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--=-=-=
Package: dpkg
Version: 1.13.9
Severity: wishlist
Hi,
As discussed on IRC, the previous SELinux support patch was
applied to lib/star.c, which may not have been the code actually used
while extracting packages. I have now patched src/archive.c to apply
initial SELinux security context labels to files as they are
unpacked. This should be a minimally invasive patch, and has been
tested (well, it compiles, installs, and can install other packages on
non-SELinux machines). This is in addition to the previous patches,
and should apply cleanly to
[EMAIL PROTECTED]/dpkg--devel--1.13--patch-179.
You can pull directly from
[EMAIL PROTECTED]/dpkg--selinux--1.13, or apply the
patch below.
manoj
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=selinux.patch
Content-Description: New SELinux support patch
* looking for [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43 to compare with
tla library-add --sparse [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43
* comparing to [EMAIL PROTECTED]/dpkg--devel--1.13--patch-43:
................................................ done.
* modified files
--- orig/ChangeLog
+++ mod/ChangeLog
@@ -1,3 +1,16 @@
+2005-06-18 Manoj Srivastava <[EMAIL PROTECTED]>
+
+ * src/archives.c: Include selinux/selinux.h if WITH_SELINUX is
+ defined. Before extracting the tar object, find out the initial
+ security context for the object to be extracted, as per the
+ local security policy, using matchpathcon(), and set the default
+ security context for the process using
+ setfscreatecon(). After this we proceed to process the
+ tarobject normally, setting owner and permissions, and
+ renaming it from foo.dpkg-new to foo. After that, we
+ step back in, and restore the default security context.
+
+
2005-06-15 Bastian Kleineidam <[EMAIL PROTECTED]>
* man/C/dpkg.cfg.5: Correct reference to dpkg(8) to dpkg(1).
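Review bot: The entry describes setfscreatecon() as setting "the default security context for the process", but that call sets the context applied to file system objects the process creates next, not the process's own context. Suggest wording it as "set the file creation context", and likewise "reset the file creation context" for the final step. The entry also omits that every failure path in the patch is non-fatal (perror() only), which is worth stating since it means a file can be unpacked with the default label without dpkg stopping.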
--- orig/debian/changelog
+++ mod/debian/changelog
@@ -11,6 +11,14 @@
- Added missing word to dpkg-architecture manpage. Closes: #313554.
- Reference to dpkg manpage in dpkg.cfg corrected. Closes: #314262.
+ SELinux support (Manoj Srivastava):
+ * Also patch src/archive.c, which is the code that is actually
+ called. Use a slightly different method than what we used in
+ lib/star.c -- here we temporarily set the default security context of
+ the process to the one required to create the file being unpacked in
+ the proper initial context, and then restore the policy defined
+ default after unpacking and renaming.
+
--
dpkg (1.13.9) unstable; urgency=low
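Review bot: The new item names the file as src/archive.c, while the ChangeLog entry and the diff header in this same patch use src/archives.c. Suggest correcting the name here so the two changelogs agree with the file that is actually modified.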
--- orig/src/archives.c
+++ mod/src/archives.c
@@ -43,6 +43,12 @@
#include <tarfn.h>
#include <myopt.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+static security_context_t scontext = NULL;
+#endif
+
#include "filesdb.h"
#include "main.h"
#include "archives.h"
@@ -515,6 +521,38 @@
*/
push_cleanup(cu_installnew,~ehflag_normaltidy, 0,0, 1,(void*)nifd);
+#ifdef WITH_SELINUX
+ /* Set selinux_enabled if it is not already set (singleton) */
+ if (selinux_enabled < 0)
+ selinux_enabled = (is_selinux_enabled() > 0);
+
+ /* Since selinux is enabled, try and set the context */
+ if (selinux_enabled == 1) {
+ /*
+ * well, we could use
+ * void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
+ * to redirect the errors from the following bit, but that
+ * seems too much effort.
+ */
+
+ /*
+ * Do nothing if we can't figure out what the context is,
+ * or if it has no context; in which case the default
+ * context shall be applied.
+ */
+ if( ! ((matchpathcon(fnamenewvb.buf,
+ (nifd->namenode->statoverride ?
+ nifd->namenode->statoverride->mode : ti->Mode)
+ & ~S_IFMT, &scontext) != 0) ||
+ (strcmp(scontext, "<<none>>") == 0)))
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for file object:");
+ }
+ }
+#endif /* WITH_SELINUX */
+
+
/* Extract whatever it is as .dpkg-new ... */
switch (ti->Type) {
case NormalFile0: case NormalFile1:
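Review bot: The matchpathcon() lookup is keyed on fnamenewvb.buf, which is the temporary .dpkg-new name, so the policy is asked for the label of a path the file will not keep; the later rename() moves it to fnamevb.buf. Any file-context rule that matches the full final name will not match the name with the .dpkg-new suffix, and the object is created with whatever the fallback rule gives. Suggest passing the final path to matchpathcon(). Separately, the mode argument is masked with "& ~S_IFMT", which removes the file-type bits, so rules restricted to a file type cannot be selected on type; if that is intended it deserves a comment. A failed setfscreatecon() is only reported with perror(), so extraction continues with the default label; consider whether that should be surfaced through dpkg's own warning path instead.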
@@ -655,9 +693,34 @@
}
}
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, try and set the defaule security context
+ * for the renamed file
+ */
+ if (selinux_enabled == 1)
+ if(scontext)
+ {
+ if(setfscreatecon(scontext) < 0)
+ perror("Error setting security context for next file object:");
+ freecon(scontext);
+ }
+
+#endif /* WITH_SELINUX */
+
if (rename(fnamenewvb.buf,fnamevb.buf))
ohshite(_("unable to install new version of `%.255s'"),ti->Name);
+#ifdef WITH_SELINUX
+ /*
+ * if selinux is enabled, restore the default security context
+ */
+ if (selinux_enabled == 1)
+ if(setfscreatecon(NULL) < 0)
+ perror("Error restoring default security context:");
+#endif /* WITH_SELINUX */
+
+
nifd->namenode->flags |= fnnf_elide_other_lists;
debug(dbg_eachfiledetail,"tarobject done and installed");
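Review bot: After "freecon(scontext);" the file-scope static pointer is not reset, so it still holds the freed address when the next object is processed. If matchpathcon() fails for that next object and leaves scontext untouched, the "if(scontext)" test here is still true and both setfscreatecon(scontext) and freecon(scontext) run on freed memory. Suggest "scontext = NULL;" directly after freecon(), or making scontext a local initialised to NULL on each call. Two smaller points in the same block: the setfscreatecon(scontext) before rename() repeats the call made before extraction and is also reached when the context is "<<none>>", which the earlier hunk deliberately skipped; and rename() creates no new object, so the comment "for the renamed file" does not describe an effect the call can have. The block could be reduced to freeing the context and calling setfscreatecon(NULL).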
--=-=-=
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.2-skas3-v8-rc2
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Versions of packages dpkg depends on:
ii coreutils [textutils] 5.2.1-2.gn1 The GNU core utilities
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii textutils 5.2.1-2 The GNU text file processing utili
dpkg recommends no packages.
-- no debconf information
--
Cheese -- milk's leap toward immortality. Clifton Fadiman, "Any Number
Can Play"
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--=-=-=--
---------------------------------------
Received: (at 314886-close) by bugs.debian.org; 28 Jun 2005 13:51:47 +0000
>From [EMAIL PROTECTED] Tue Jun 28 06:51:46 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DnGV8-0006tE-00; Tue, 28 Jun 2005 06:51:46 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DnGQm-0007PG-00; Tue, 28 Jun 2005 09:47:16 -0400
From: Scott James Remnant <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#314886: fixed in dpkg 1.13.10
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 28 Jun 2005 09:47:16 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 19
Source: dpkg
Source-Version: 1.13.10
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:
dpkg-dev_1.13.10_all.deb
to pool/main/d/dpkg/dpkg-dev_1.13.10_all.deb
dpkg_1.13.10.dsc
to pool/main/d/dpkg/dpkg_1.13.10.dsc
dpkg_1.13.10.tar.gz
to pool/main/d/dpkg/dpkg_1.13.10.tar.gz
dpkg_1.13.10_i386.deb
to pool/main/d/dpkg/dpkg_1.13.10_i386.deb
dselect_1.13.10_i386.deb
to pool/main/d/dpkg/dselect_1.13.10_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott James Remnant <[EMAIL PROTECTED]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Jun 2005 14:19:06 +0100
Source: dpkg
Binary: dpkg dselect dpkg-dev
Architecture: source i386 all
Version: 1.13.10
Distribution: unstable
Urgency: low
Maintainer: Scott James Remnant <[EMAIL PROTECTED]>
Changed-By: Scott James Remnant <[EMAIL PROTECTED]>
Description:
dpkg - Package maintenance system for Debian
dpkg-dev - Package building tools for Debian
dselect - a user tool to manage Debian packages
Closes: 313282 313288 313330 313347 313381 313398 313400 313415 313433 313474
313554 313620 314125 314262 314431 314550 314575 314828 314886 316084
Changes:
dpkg (1.13.10) unstable; urgency=low
.
The "Bully's Special Prize" Release.
.
* Removed /usr/sbin/start-stop-daemon. Closes: #313400.
* Fixed md5sum diversion removal. Closes: #313415.
* Fixed dpkg-source to handle native tarballs with a Debian revision.
Closes: #313381, #313433.
* Fixed upgrade from pre-sarge dpkg outside of dselect. Closes: #314575.
* Changed log times to be local rather than UTC. Closes: #313347.
* Changed log writing to be line-buffered. Closes: #314550.
* Moved log creation to postinst, and don't fail if base-passwd hasn't
been configured yet. Closes: #316084.
* Don't try to compile in SELinux support on Hurd. Closes: #313398.
* Place code for SELinux support in the right place so it will actually
get compiled in and used (Manoj Srivastava). Closes: #314886.
.
* Documentation:
- Added missing word to dpkg-architecture manpage. Closes: #313554.
- Reference to dpkg manpage in dpkg.cfg corrected. Closes: #314262.
* Updated Translations (Christian Perrier):
- Basque (Piarres Beobide Egana). Closes: #313474.
- Catalan (Jordi Mallach). Closes: #313288.
- Czech (Miroslav Kure). Closes: #314431.
- Danish (Claus Hindsgaul).
- French (Christian Perrier).
- German (Jens Seidel). Closes: #314125.
- Greek (Greek team). Closes: #314828.
- Italian (Lele Gaifax).
- Japanese (Kenshi Muto). Closes: #313330.
- Russian (Yuri Kozlov). Closes: #313620.
* Hebrew translation de-activated on request of the translator until there
is better support for RTL languages. Closes: #313282.
Files:
b7aed582c29e1838247a536a9c84d94a 637 base required dpkg_1.13.10.dsc
3364a0554b8216a06f8a3731db9624e7 3565492 base required dpkg_1.13.10.tar.gz
8579b171220c19cb2f18d55ebcfb40d0 1811396 base required dpkg_1.13.10_i386.deb
1722bbf7388de448c7448b79a1ba9a64 120520 base required dselect_1.13.10_i386.deb
3f6457957271c429eab1e630d9f9f1d9 162786 utils standard dpkg-dev_1.13.10_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCwU9aIexP3IStZ2wRAltaAJ9rHvJUfDJkARm4feM5ziSvVe/WPwCdEOg1
5VbvVhI2eYxyyYB0Ly9dcYk=
=bDgR
-----END PGP SIGNATURE-----