Add selinux_getenforce() calls to work when not in enforcing mode
- use security_getenforce() instead of selinux_getenforcemode
Index: logrotate-3.7.1/logrotate.c
6
===================================================================
7
--- logrotate-3.7.1.orig/logrotate.c 2006-04-08 20:42:37.114533654 +0100
8
+++ logrotate-3.7.1/logrotate.c 2006-04-08 20:44:17.311634566 +0100
10
#include <selinux/selinux.h>
11
static security_context_t prev_context=NULL;
12
int selinux_enabled=0;
13
+int selinux_enforce=0;
16
#include "basenames.h"
21
- if ((selinux_enabled=(is_selinux_enabled()>0)))
23
- security_context_t oldContext;
24
- if (fgetfilecon(fdcurr, &oldContext) >=0) {
25
- if (getfscreatecon(&prev_context) < 0) {
26
- message(MESS_ERROR, "error getting default context: %s\n",
28
- freecon(oldContext);
31
- if (setfscreatecon(oldContext) < 0) {
32
- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
33
- saveLog, oldContext,strerror(errno));
34
- freecon(oldContext);
37
- freecon(oldContext);
39
- message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
44
+ if (selinux_enabled) {
45
+ security_context_t oldContext;
46
+ if (fgetfilecon(fdcurr, &oldContext) >=0) {
47
+ if (getfscreatecon(&prev_context) < 0) {
48
+ message(MESS_ERROR, "error getting default context: %s\n",
50
+ if (selinux_enforce) {
51
+ freecon(oldContext);
55
+ if (setfscreatecon(oldContext) < 0) {
56
+ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
57
+ saveLog, oldContext,strerror(errno));
58
+ if (selinux_enforce) {
59
+ freecon(oldContext);
63
+ freecon(oldContext);
65
+ message(MESS_ERROR, "error getting file context %s: %s\n", currLog,
67
+ if (selinux_enforce) {
73
fdsave = open(saveLog, O_WRONLY | O_CREAT | O_TRUNC,sb->st_mode);
75
if (selinux_enabled) {
76
- setfscreatecon(prev_context);
77
- if (prev_context!= NULL) {
78
- freecon(prev_context);
81
+ setfscreatecon(prev_context);
82
+ if (prev_context!= NULL) {
83
+ freecon(prev_context);
90
(log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext);
93
- if ((selinux_enabled=(is_selinux_enabled()>0))) {
94
- security_context_t oldContext=NULL;
95
- if (getfilecon(log->files[logNum], &oldContext)>0) {
96
- if (getfscreatecon(&prev_context) < 0) {
97
- message(MESS_ERROR, "error getting default context: %s\n",
99
- freecon(oldContext);
102
- if (setfscreatecon(oldContext) < 0) {
103
- message(MESS_ERROR, "error setting file context %s to %s: %s\n",
104
- log->files[logNum], oldContext,strerror(errno));
105
- freecon(oldContext);
108
- freecon(oldContext);
110
- message(MESS_ERROR, "error getting file context %s: %s\n",
111
- log->files[logNum],
115
+ if (selinux_enabled) {
116
+ security_context_t oldContext=NULL;
117
+ if (getfilecon(log->files[logNum], &oldContext)>0) {
118
+ if (getfscreatecon(&prev_context) < 0) {
119
+ message(MESS_ERROR, "error getting default context: %s\n",
121
+ if (selinux_enforce) {
122
+ freecon(oldContext);
126
+ if (setfscreatecon(oldContext) < 0) {
127
+ message(MESS_ERROR, "error setting file context %s to %s: %s\n",
128
+ log->files[logNum], oldContext,strerror(errno));
129
+ if (selinux_enforce) {
130
+ freecon(oldContext);
134
+ freecon(oldContext);
136
+ message(MESS_ERROR, "error getting file context %s: %s\n",
137
+ log->files[logNum],
139
+ if (selinux_enforce) {
145
for (i = rotateCount + logStart - 1; (i >= 0) && !hasErrors; i--) {
146
@@ -883,11 +895,11 @@
149
if (selinux_enabled) {
150
- setfscreatecon(prev_context);
151
- if (prev_context!= NULL) {
152
- freecon(prev_context);
155
+ setfscreatecon(prev_context);
156
+ if (prev_context!= NULL) {
157
+ freecon(prev_context);
163
@@ -1249,6 +1261,10 @@
168
+ selinux_enabled=(is_selinux_enabled()>0);
169
+ selinux_enforce=security_getenforce();
171
for (file = files; *file; file++) {
172
if (readConfigPath(*file, &defConfig, &logs, &numLogs)) {
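Review bot: The restore call `setfscreatecon(prev_context);` still has its return value ignored, both in the hunk around `open(saveLog, ...)` and in the hunk at `@@ -883,11 +895,11 @@`. If that reset fails, the process keeps the rotated log's label as its file-creation context, and every file it creates afterwards inherits that label with no message logged. I would test it as the set path does, `if (setfscreatecon(prev_context) < 0)`, log a MESS_ERROR and, when `selinux_enforce` is set, fail the same way the neighbouring branches do. The lines after `freecon(prev_context);` are not shown on this page, so confirm the static is set back to NULL there, since the permissive path can now continue past a failed `getfscreatecon(&prev_context)`. In the last hunk, `security_getenforce()` returns -1 when the query fails and the `if (selinux_enforce)` tests treat that as enforcing; that fail-closed choice deserves a comment such as `/* -1 (query failed) is treated as enforcing */`.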