Make patch SELinux compatible
On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov@gmail.com> wrote:
> Hi,
>
> Is there a way to make patch in Redhat SELinux compatible?
>
> # ls -Z php.php
> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
>
> # patch -p1 < /root/php.patch
> patching file php.php
>
> # ls -Z php.php
> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php

Strange. For me this works as expected, because patch first unlinks php.php and
afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
context for your php.php was persistent (via semanage fscontext ) and
not set via chcon ?

Regards

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Make patch SELinux compatible
On May 20, 2010, at 8:12 AM, yersinia wrote:
> On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov@gmail.com> wrote:
>> Hi,
>>
>> Is there a way to make patch in Redhat SELinux compatible?
>>
>> # ls -Z php.php
>> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
>>
>> # patch -p1 < /root/php.patch
>> patching file php.php
>>
>> # ls -Z php.php
>> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php
> Strange. For me this works as expected, because patch first unlinks php.php and
> afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
> context for your php.php was persistent (via semanage fscontext ) and
> not set via chcon ?

yes, I am sure.
and I never use 'semanage fcontext', I prefer local.fc
But in this case it's under /var/www, so it inherits default context.

rpm -qlp patch-2.5.4-29.2.3.el5.src.rpm
patch-2.5-stderr.patch
patch-2.5.4-ifdef.patch
patch-2.5.4-program_name.patch
patch-2.5.4-sigsegv.patch
patch-2.5.4-suffix.patch
patch-2.5.4.tar.gz
patch-parse.patch
patch-posix-backup.patch
patch-stripcr.patch
patch.spec

no selinux :(

Vadym
Make patch SELinux compatible
On Thu, 2010-05-20 at 08:22 -0400, Vadym Chepkov wrote:
> On May 20, 2010, at 8:12 AM, yersinia wrote:
>
> > On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov@gmail.com> wrote:
> >> Hi,
> >>
> >> Is there a way to make patch in Redhat SELinux compatible?
> >>
> >> # ls -Z php.php
> >> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
> >>
> >> # patch -p1 < /root/php.patch
> >> patching file php.php
> >>
> >> # ls -Z php.php
> >> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php
> > Strange. For me this works as expected, because patch first unlinks php.php and
> > afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
> > context for your php.php was persistent (via semanage fscontext ) and
> > not set via chcon ?
>
> yes, I am sure.
> and I never use 'semanage fcontext', I prefer local.fc
> But in this case it's under /var/www, so it inherits default context.
>
> rpm -qlp patch-2.5.4-29.2.3.el5.src.rpm
> patch-2.5-stderr.patch
> patch-2.5.4-ifdef.patch
> patch-2.5.4-program_name.patch
> patch-2.5.4-sigsegv.patch
> patch-2.5.4-suffix.patch
> patch-2.5.4.tar.gz
> patch-parse.patch
> patch-posix-backup.patch
> patch-stripcr.patch
> patch.spec
>
> no selinux :(

Hmmm...I ran the test case in that bug though and it still fails on F-12.
Even with a -selinux patch in the .src.rpm.

--
Stephen Smalley
National Security Agency
Make patch SELinux compatible
On May 20, 2010, at 8:24 AM, Stephen Smalley wrote:
> On Thu, 2010-05-20 at 08:22 -0400, Vadym Chepkov wrote:
>> On May 20, 2010, at 8:12 AM, yersinia wrote:
>>
>>> On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> Is there a way to make patch in Redhat SELinux compatible?
>>>>
>>>> # ls -Z php.php
>>>> -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
>>>>
>>>> # patch -p1 < /root/php.patch
>>>> patching file php.php
>>>>
>>>> # ls -Z php.php
>>>> -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php
>>> Strange. For me this works as expected, because patch first unlinks php.php and
>>> afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
>>> context for your php.php was persistent (via semanage fscontext ) and
>>> not set via chcon ?
>>
>> yes, I am sure.
>> and I never use 'semanage fcontext', I prefer local.fc
>> But in this case it's under /var/www, so it inherits default context.
>>
>> rpm -qlp patch-2.5.4-29.2.3.el5.src.rpm
>> patch-2.5-stderr.patch
>> patch-2.5.4-ifdef.patch
>> patch-2.5.4-program_name.patch
>> patch-2.5.4-sigsegv.patch
>> patch-2.5.4-suffix.patch
>> patch-2.5.4.tar.gz
>> patch-parse.patch
>> patch-posix-backup.patch
>> patch-stripcr.patch
>> patch.spec
>>
>> no selinux :(
>
> Hmmm...I ran the test case in that bug though and it still fails on
> F-12. Even with a -selinux patch in the .src.rpm.

Concur, I just compiled patch-2.6.1-2 on el5, patch-selinux.patch included, same result.

Vadym
Make patch SELinux compatible
On Thu, 2010-05-20 at 14:12 +0200, yersinia wrote:
> On Thu, May 20, 2010 at 1:15 PM, Vadym Chepkov <vchepkov@gmail.com> wrote:
> > Hi,
> >
> > Is there a way to make patch in Redhat SELinux compatible?
> >
> > # ls -Z php.php
> > -rw-r--r-- root root user_u:object_r:httpd_sys_content_t:s0 php.php
> >
> > # patch -p1 < /root/php.patch
> > patching file php.php
> >
> > # ls -Z php.php
> > -rw-r--r-- root root user_u:object_r:tmp_t:s0 php.php
> Strange. For me this works as expected, because patch first unlinks php.php and
> afterwards reads /tmp/pxxxx and writes php.php. Are you sure that the file
> context for your php.php was persistent (via semanage fscontext ) and
> not set via chcon ?

What distro release are you using? For me, patch is not preserving
context (as per the original bug report) on F-12.

--
Stephen Smalley
National Security Agency
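
A workaround for the label loss reported in this thread, as an added example that is not part of any message above and not code from patch or its -selinux patch: record each file's SELinux context before running a command, then re-apply it to every file whose label changed (for instance from httpd_sys_content_t to tmp_t). The function names and the `$docroot` variable are hypothetical; `stat -c %C`, `chcon` and `patch -i` are the standard coreutils and GNU patch interfaces, and file names are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example (constructed for this thread; function names are hypothetical).
# Assumes an SELinux-enabled system and file names without newlines.

# Read and write one file's context; thin wrappers around coreutils.
get_context() { stat -c '%C' -- "$1"; }
set_context() { chcon -- "$1" "$2"; }   # set_context CONTEXT FILE

# Print "<context> <path>" for every regular file under directory $1.
snapshot_contexts() {
    find "$1" -type f | while IFS= read -r sc_path; do
        printf '%s %s\n' "$(get_context "$sc_path")" "$sc_path"
    done
}

# Re-apply the recorded context to each file listed in snapshot file $1 whose
# current label differs from the recorded one. Prints one line per repair.
restore_drift() {
    while read -r rd_ctx rd_path; do
        [ -e "$rd_path" ] || continue            # file removed by the command
        rd_now=$(get_context "$rd_path") || continue
        if [ "$rd_now" != "$rd_ctx" ]; then
            set_context "$rd_ctx" "$rd_path" &&
                printf 'relabelled %s: %s -> %s\n' "$rd_path" "$rd_now" "$rd_ctx"
        fi
    done < "$1"
}

# with_preserved_contexts DIR COMMAND [ARGS...]
# Runs COMMAND inside DIR, restores drifted labels, returns COMMAND's status.
with_preserved_contexts() {
    wpc_dir=$1; shift
    wpc_snap=$(mktemp) || return 1
    snapshot_contexts "$wpc_dir" > "$wpc_snap"
    wpc_rc=0
    ( cd "$wpc_dir" && "$@" ) || wpc_rc=$?
    restore_drift "$wpc_snap"
    rm -f "$wpc_snap"
    return "$wpc_rc"
}

# Usage, with the patch file from the thread ($docroot is a placeholder):
#   with_preserved_contexts "$docroot" patch -p1 -i /root/php.patch
```

Because the recorded label is re-applied rather than the policy default, a context that was set with chcon survives as well.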