From 948d557b4a61dc14722668b6b11a4cf3cee07b01 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 13 Sep 2019 17:56:30 +0100
Subject: gentoo resync : 13.09.2019

---
 .../vixie-cron/files/vixie-cron-4.1-selinux-1.diff | 144 ---------------------
 1 file changed, 144 deletions(-)
 delete mode 100644 sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff

(limited to 'sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff')

diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
deleted file mode 100644
index ec2493e8c3ca..000000000000
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
+++ /dev/null
@@ -1,144 +0,0 @@
-diff -purN vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile
---- vixie-cron-4.1.orig/Makefile	2004-08-27 14:09:33.000000000 -0400
-+++ vixie-cron-4.1/Makefile	2008-08-25 15:17:20.062720415 -0400
-@@ -68,7 +68,8 @@ LINTFLAGS	=	-hbxa $(INCLUDE) $(DEBUGGING
- #<<want to use a nonstandard CC?>>
- CC		=	gcc -Wall -Wno-unused -Wno-comment
- #<<manifest defines>>
--DEFS		=
-+DEFS		= -s -DWITH_SELINUX
-+LIBS		+= 	-lselinux
- #(SGI IRIX systems need this)
- #DEFS		=	-D_BSD_SIGNALS -Dconst=
- #<<the name of the BSD-like install program>>
-diff -purN vixie-cron-4.1.orig/database.c vixie-cron-4.1/database.c
---- vixie-cron-4.1.orig/database.c	2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/database.c	2008-08-27 08:19:37.948930858 -0400
-@@ -28,6 +28,16 @@ static char rcsid[] = "# $Id$
- 
- #include "cron.h"
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#include <selinux/get_context_list.h>
-+#define SYSUSERNAME "system_u"
-+#else
-+#define SYSUSERNAME "*system*"
-+#endif
-+
- #define TMAX(a,b) ((a)>(b)?(a):(b))
- 
- static	void		process_crontab(const char *, const char *,
-@@ -183,7 +193,7 @@ process_crontab(const char *uname, const
- 	if (fname == NULL) {
- 		/* must be set to something for logging purposes.
- 		 */
--		fname = "*system*";
-+		fname = SYSUSERNAME;
- 	} else if ((pw = getpwnam(uname)) == NULL) {
- 		/* file doesn't have a user in passwd file.
- 		 */
-@@ -245,6 +255,56 @@ process_crontab(const char *uname, const
- 		free_user(u);
- 		log_it(fname, getpid(), "RELOAD", tabname);
- 	}
-+#ifdef WITH_SELINUX
-+	if (is_selinux_enabled())	{
-+	  security_context_t file_context=NULL;
-+	  security_context_t user_context=NULL;
-+	  struct av_decision avd;
-+	  int retval=0;
-+	  char *seuser=NULL;
-+	  char *level=NULL;
-+
-+	  if (fgetfilecon(crontab_fd, &file_context) < OK) {
-+	    log_it(fname, getpid(), "getfilecon FAILED", tabname);
-+	    goto next_crontab;
-+	  }
-+
-+	  /*
-+	   * Since crontab files are not directly executed,
-+	   * crond must ensure that the crontab file has
-+	   * a context that is appropriate for the context of
-+	   * the user cron job.  It performs an entrypoint
-+	   * permission check for this purpose.
-+	   */
-+	  if (getseuserbyname(fname, &seuser, &level) < 0) {
-+	    log_it(fname, getpid(), "NO SEUSER", tabname);
-+	    goto next_crontab;
-+	  }
-+
-+	  if (get_default_context_with_level(seuser, level, NULL, &user_context) < 0) {
-+	    log_it(fname, getpid(), "NO CONTEXT", tabname);
-+	    freecon(file_context);
-+	    free(seuser);
-+	    free(level);
-+	    goto next_crontab;
-+	  }
-+
-+	  retval = security_compute_av(user_context,
-+				       file_context,
-+				       SECCLASS_FILE,
-+				       FILE__ENTRYPOINT,
-+				       &avd);
-+	  freecon(user_context);
-+	  freecon(file_context);
-+	  free(seuser);
-+	  free(level);
-+
-+	  if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+	    log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
-+	    goto next_crontab;
-+	  }
-+	}
-+#endif
- 	u = load_user(crontab_fd, pw, fname);
- 	if (u != NULL) {
- 		u->mtime = statbuf->st_mtime;
-diff -purN vixie-cron-4.1.orig/do_command.c vixie-cron-4.1/do_command.c
---- vixie-cron-4.1.orig/do_command.c	2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/do_command.c	2008-08-25 15:43:43.289174371 -0400
-@@ -25,6 +25,11 @@ static char rcsid[] = "# $Id$
- 
- #include "cron.h"
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+#endif
-+
- static void		child_process(entry *, user *);
- static int		safe_p(const char *, const char *);
- 
-@@ -265,6 +270,29 @@ child_process(entry *e, user *u) {
- 				_exit(OK_EXIT);
- 			}
- # endif /*DEBUGGING*/
-+#ifdef WITH_SELINUX
-+			if (is_selinux_enabled()) {
-+			  char *seuser=NULL;
-+			  char *level=NULL;
-+			  security_context_t scontext;
-+
-+			  if (getseuserbyname(u->name, &seuser, &level) < 0) {
-+			    fprintf(stderr, "getseuserbyname: Could not determine seuser for user %s\n", u->name);
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  if (get_default_context_with_level(seuser, level, NULL, &scontext) < 0) {
-+			    fprintf(stderr, "get_default_context_with_level: could not get security context for user %s, seuser %s\n", u->name, seuser); 
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  if (setexeccon(scontext) < 0) {
-+			    fprintf(stderr, "setexeccon: Could not set exec context to %s for user %s\n", scontext, u->name);
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  free(seuser);
-+			  free(level);
-+			  freecon(scontext);
-+			}
-+#endif
- 			execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
- 			fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
- 			perror("execl");
-- 
cgit v1.2.3