From f518a6f63029fd99019c10afdb67fbffe9bc8c3f Mon Sep 17 00:00:00 2001
From: blueskycs2c
Date: Thu, 27 Feb 2020 15:20:37 +0800
Subject: [PATCH] generate proper selinux user identity on mail
---
 ...w-4.7-generate-selinux-identity-mail.patch | 61 +++++++++++++++++++
 shadow.spec | 13 +++-
 2 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 shadow-4.7-generate-selinux-identity-mail.patch
diff --git a/shadow-4.7-generate-selinux-identity-mail.patch b/shadow-4.7-generate-selinux-identity-mail.patch
new file mode 100644
index 0000000..3d78bd7
--- /dev/null
+++ b/shadow-4.7-generate-selinux-identity-mail.patch
@@ -0,0 +1,61 @@
+From 76c4522247df2a68ff4fdee6789fc03470d65527 Mon Sep 17 00:00:00 2001
+From: blueskycs2c
+Date: Thu, 27 Feb 2020 14:45:24 +0800
+Subject: [PATCH] generate proper selinux user identity on mail
+
+---
+ src/useradd.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index df232dc..294d735 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -188,6 +188,7 @@ static bool home_added = false;
+ #define E_NAME_IN_USE 9 /* username already in use */
+ #define E_GRP_UPDATE 10 /* can't update group file */
+ #define E_HOMEDIR 12 /* can't create home directory */
++#define E_MAILBOXFILE 13 /* can't create mailbox file */
+ #define E_SE_UPDATE 14 /* can't update SELinux user mapping */
+ #ifdef ENABLE_SUBIDS
+ #define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
+@@ -2203,6 +2204,17 @@ static void create_mail (void)
+ sprintf (file, "%s/%s/%s", prefix, spool, user_name);
+ else
+ sprintf (file, "%s/%s", spool, user_name);
++#ifdef WITH_SELINUX
++ if (set_selinux_file_context (file) != 0) {
++ fprintf (stderr,
++ _("%s: cannot set SELinux context for mailbox file %s\n"),
++ Prog, file);
++ fail_exit (E_MAILBOXFILE);
++ }
++#endif
++
++
++
+ fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
+ if (fd < 0) {
+ perror (_("Creating mailbox file"));
+@@ -2227,6 +2239,18 @@ static void create_mail (void)
+
+ fsync (fd);
+ close (fd);
++
++#ifdef WITH_SELINUX
++ /* Reset SELinux to create files with default contexts */
++ if (reset_selinux_file_context () != 0) {
++ fprintf (stderr,
++ _("%s: cannot reset SELinux file creation context\n"),
++ Prog);
++ fail_exit (E_MAILBOXFILE);
++ }
++#endif
++
++
+ }
+ }
+
+--
+2.24.1
+
diff --git a/shadow.spec b/shadow.spec
index eae2382..75c67cc 100644
--- a/shadow.spec
+++ b/shadow.spec
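Review bot: In the embedded src/useradd.c patch, `set_selinux_file_context (file)` is called before `open ()` in create_mail, but the only matching `reset_selinux_file_context ()` is the one added after `close (fd)` in the last inner hunk. The `if (fd < 0)` branch is cut off by the hunk boundary; if it returns after the `perror`, as the non-fatal handling suggests, the process keeps the mailbox file-creation context and files useradd writes afterwards could be labelled with it. I would reset on that path as well, placing `#ifdef WITH_SELINUX`, `(void) reset_selinux_file_context ();`, `#endif` right after the `perror` call. create_mail starts outside these hunks, so the exact exit paths need checking against the full function.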
@@ -1,6 +1,6 @@ Name: shadow Version: 4.7 -Release: 8 +Release: 9 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files @@ -17,6 +17,7 @@ Patch2: shadow-4.5-goodname.patch Patch3: shadow-4.1.5.1-var-lock.patch Patch4: shadow-utils-fix-lock-file-residue.patch Patch5: shadow-utils-fix-invalid-path.patch +Patch6: shadow-4.7-generate-selinux-identity-mail.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -37,7 +38,11 @@ This package includes the necessary programs for converting plain password files to the shadow password format and to manage user and group accounts. -%package_help +%package help +Summary: Man pages for Shadow + +%description help +%{summary}. %prep %autosetup -n shadow-%{version} -p1 @@ -165,6 +170,10 @@ done %{_mandir}/*/* %changelog +* Thu Feb 27 2020 lili.ding - 2:4.7-9 +- generate /var/spool/mail/$USER with the proper SELinux user identity from github-shadow +- patch:shadow-4.7-generate-selinux-identity-mail.patch + * Fri Feb 21 2020 openEuler Buildteam - 2:4.7-8 - Remove redundant patches -- Gitee