rpms-fedora-extras/strongswan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random

Browse Source
This commit is contained in:
Pavel Šimerda
2014-02-19 10:15:54 +01:00
parent 31f572c3a7
commit b97f57cef9
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
strongswan-5.1.1-selinux.patch Normal file
View File

@@ -0,0 +1,26 @@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 089ac45..b644977 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -226,7 +226,7 @@ static bool check_pidfile()
}
/* create new pidfile */
- pidfile = fopen(PID_FILE, "w");
+ pidfile = fopen(PID_FILE, "we");
if (pidfile)
{
ignore_result(fchown(fileno(pidfile),
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 1f10792..c79e87a 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -83,7 +83,7 @@ bool random_plugin_get_strong_equals_true()
*/
static bool open_dev(char *file, int *fd)
{
- *fd = open(file, O_RDONLY);
+ *fd = open(file, O_RDONLY | O_CLOEXEC);
if (*fd == -1)
{
DBG1(DBG_LIB, "opening \"%s\" failed: %s", file, strerror(errno));

7
strongswan.spec
View File

@@ -9,7 +9,7 @@
Name: strongswan Name: strongswan
Version: 5.1.1 Version: 5.1.1
Release: 4%{?dist} Release: 5%{?dist}
Summary: An OpenSource IPsec-based VPN Solution Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPLv2+ License: GPLv2+
@@ -21,6 +21,7 @@ Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch Patch3: libstrongswan-settings-debug.patch
Patch4: libstrongswan-973315.patch Patch4: libstrongswan-973315.patch
Patch5: strongswan-1036844.patch Patch5: strongswan-1036844.patch
Patch6: strongswan-5.1.1-selinux.patch
BuildRequires: gmp-devel autoconf automake BuildRequires: gmp-devel autoconf automake
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
@@ -83,6 +84,7 @@ implementation possessing a standard IF-IMC/IMV interface.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
@@ -336,6 +338,9 @@ fi
%changelog %changelog
* Wed Feb 19 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-5
- #903638 - SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the chr_file /dev/random
* Thu Jan 09 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-4 * Thu Jan 09 2014 Pavel Šimerda <psimerda@redhat.com> - 5.1.1-4
- Removed redundant patches and *.spec commands caused by branch merging - Removed redundant patches and *.spec commands caused by branch merging