Hello community, here is the log from the commit of package at for openSUSE:Factory checked in at Thu Jan 8 14:50:33 CET 2009. -------- --- at/at.changes 2008-10-08 18:35:05.000000000 +0200 +++ /mounts/work_src_done/STABLE/at/at.changes 2009-01-08 10:39:31.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Jan 8 10:38:35 CET 2009 - prusnak@suse.cz + +- corrected selinux.patch [bnc#463521] + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- at-3.1.8.dif at-3.1.8-eal3-manpages.dif at-3.1.8-formatbugs.dif at-3.1.8_massive_batch.patch at-3.1.8-pam.diff at-documentation-dir.diff at-selinux-20040909.patch New: ---- at-3.1.8-documentation-dir.patch at-3.1.8-eal3-manpages.patch at-3.1.8-formatbugs.patch at-3.1.8-massive_batch.patch at-3.1.8-pam.patch at-3.1.8.patch at-3.1.8-selinux.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ at.spec ++++++ --- /var/tmp/diff_new_pack.I13681/_old 2009-01-08 14:50:05.000000000 +0100 +++ /var/tmp/diff_new_pack.I13681/_new 2009-01-08 14:50:05.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package at (Version 3.1.8) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,24 +26,24 @@ Group: System/Daemons AutoReqProv: on Version: 3.1.8 -Release: 1068 +Release: 1069 Summary: A Job Manager Source: at_3.1.8-11.tar.gz Source1: atd.init Source2: atd.pamd Source3: sysconfig.atd -Patch: at-%{version}.dif -Patch1: at-%{version}-bison.patch -Patch2: at-%{version}-delete_r.patch -Patch3: at-%{version}-ttime.patch -Patch4: at-%{version}-joblist.patch -Patch6: at-selinux-20040909.patch -Patch7: at-%{version}-pie.patch -Patch8: at-%{version}-eal3-manpages.dif -Patch9: at-%{version}-formatbugs.dif -Patch10: at-3.1.8-pam.diff -Patch11: at-3.1.8_massive_batch.patch -Patch12: at-documentation-dir.diff +Patch0: %{name}-%{version}.patch +Patch1: %{name}-%{version}-bison.patch +Patch2: %{name}-%{version}-delete_r.patch +Patch3: %{name}-%{version}-ttime.patch +Patch4: %{name}-%{version}-joblist.patch +Patch5: %{name}-%{version}-selinux.patch +Patch6: %{name}-%{version}-pie.patch +Patch7: %{name}-%{version}-eal3-manpages.patch +Patch8: %{name}-%{version}-formatbugs.patch +Patch9: %{name}-%{version}-pam.patch +Patch10: %{name}-%{version}-massive_batch.patch +Patch11: %{name}-%{version}-documentation-dir.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/useradd /usr/sbin/groupadd %fillup_prereq %insserv_prereq @@ -60,29 +60,30 @@ Siggy Brentrup <bsb@winnegan.de> %prep -%setup -%patch +%setup -q +%patch0 %patch1 %patch2 %patch3 %patch4 -%patch6 -p1 -%patch7 -p1 +%patch5 +%patch6 +%patch7 %patch8 %patch9 %patch10 %patch11 -%patch12 -p1 %build %{?suse_update_config:%{suse_update_config -f}} rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o autoconf -export CFLAGS="$RPM_OPT_FLAGS" export SENDMAIL=/usr/sbin/sendmail -./configure --prefix=%{_prefix} --with-pam --with-selinux \ - --with-daemon_username=at --with-daemon_groupname=at \ - --mandir=%{_mandir} +%configure \ + --with-pam \ + --with-selinux \ + --with-daemon_username=at \ + --with-daemon_groupname=at make %install @@ -148,6 +149,8 @@ /var/adm/fillup-templates/sysconfig.atd %changelog +* Thu Jan 08 2009 prusnak@suse.cz +- corrected selinux.patch [bnc#463521] * Wed Oct 08 2008 bwalle@suse.de - Fix documentation directory in at(1). * Mon Sep 01 2008 puzel@suse.cz @@ -225,7 +228,7 @@ - don't activate by default * Mon May 19 2003 ro@suse.de - fix filelist -* Tue May 13 2003 ro@suse.de +* Mon May 12 2003 ro@suse.de - use defattr * Tue Mar 11 2003 ro@suse.de - fix postinstall for updates (appeared in #24653) ++++++ at-3.1.8-bison.patch ++++++ --- /var/tmp/diff_new_pack.I13681/_old 2009-01-08 14:50:05.000000000 +0100 +++ /var/tmp/diff_new_pack.I13681/_new 2009-01-08 14:50:05.000000000 +0100 @@ -1,5 +1,5 @@ ---- parsetime.y Thu Nov 7 11:06:27 2002 -+++ parsetime.y Thu Nov 7 11:08:43 2002 +--- parsetime.y ++++ parsetime.y @@ -63,6 +63,7 @@ time_or_not : time ++++++ at-3.1.8-documentation-dir.patch ++++++ --- at.1.in +++ at.1.in @@ -117,7 +117,7 @@ .B at 1am tomorrow. .PP The exact definition of the time specification can be found in -.IR @prefix@/share/doc/at/timespec . +.IR @prefix@/share/doc/packages/at/timespec . .PP For both .BR at " and " batch , ++++++ at-3.1.8-eal3-manpages.dif -> at-3.1.8-eal3-manpages.patch ++++++ --- at/at-3.1.8-eal3-manpages.dif 2006-01-13 00:16:45.000000000 +0100 +++ /mounts/work_src_done/STABLE/at/at-3.1.8-eal3-manpages.patch 2009-01-06 12:32:15.000000000 +0100 @@ -1,6 +1,5 @@ -diff -purN at-3.1.8.orig/at.allow.5 at-3.1.8/at.allow.5 ---- at.allow.5 1970-01-01 01:00:00.000000000 +0100 -+++ at.allow.5 2003-11-24 12:25:51.000000000 +0100 +--- at.allow.5 ++++ at.allow.5 @@ -0,0 +1,36 @@ +.Id $Id: at.allow.5,v 1.1 1997/09/28 20:00:28 ig25 Exp $ +.TH AT.ALLOW 5 "Sep 1997" "" "Linux Programmer's Manual" @@ -38,9 +37,8 @@ +.BR cron (8), +.BR crontab (1), +.BR atd (8). -diff -purN at-3.1.8.orig/at.deny.5 at-3.1.8/at.deny.5 ---- at.deny.5 1970-01-01 01:00:00.000000000 +0100 -+++ at.deny.5 2003-11-24 12:25:51.000000000 +0100 +--- at.deny.5 ++++ at.deny.5 @@ -0,0 +1,36 @@ +.Id $Id: at.allow.5,v 1.1 1997/09/28 20:00:28 ig25 Exp $ +.TH AT.ALLOW 5 "Sep 1997" "" "Linux Programmer's Manual" ++++++ at-3.1.8-formatbugs.dif -> at-3.1.8-formatbugs.patch ++++++ --- at/at-3.1.8-formatbugs.dif 2006-01-13 00:16:45.000000000 +0100 +++ /mounts/work_src_done/STABLE/at/at-3.1.8-formatbugs.patch 2009-01-06 12:32:16.000000000 +0100 @@ -1,19 +1,6 @@ ---- panic.h.xx 2005-02-05 10:12:44.870410055 +0100 -+++ panic.h 2005-02-05 10:18:18.327308607 +0100 -@@ -26,7 +26,9 @@ - #ifdef HAVE_ATTRIBUTE_NORETURN - __attribute__((noreturn)) - #endif --perr(const char *a, ...); -+perr(const char *a, ...) -+__attribute__((__format__(printf,1,2))) -+; - void - #ifdef HAVE_ATTRIBUTE_NORETURN - __attribute__((noreturn)) ---- atd.c.xx 2005-02-05 10:19:11.235056781 +0100 -+++ atd.c 2005-02-05 10:19:20.048518592 +0100 -@@ -330,7 +330,7 @@ +--- atd.c ++++ atd.c +@@ -293,7 +293,7 @@ if (buf.st_nlink > 2) { perr("Someboy is trying to run a linked script for job %8lu (%.500s)", @@ -22,8 +9,8 @@ } if ((fflags = fcntl(fd_in, F_GETFD)) < 0) perr("Error in fcntl"); ---- daemon.h.xx 2005-02-05 10:20:28.592475730 +0100 -+++ daemon.h 2005-02-05 10:20:19.283988448 +0100 +--- daemon.h ++++ daemon.h @@ -5,12 +5,12 @@ #ifdef HAVE_ATTRIBUTE_NORETURN __attribute__((noreturn)) @@ -39,3 +26,16 @@ +perr (const char *fmt, ...) __attribute__((__format__(printf,1,2))); extern int daemon_debug; +--- panic.h ++++ panic.h +@@ -26,7 +26,9 @@ + #ifdef HAVE_ATTRIBUTE_NORETURN + __attribute__((noreturn)) + #endif +-perr(const char *a, ...); ++perr(const char *a, ...) ++__attribute__((__format__(printf,1,2))) ++; + void + #ifdef HAVE_ATTRIBUTE_NORETURN + __attribute__((noreturn)) ++++++ at-3.1.8-massive_batch.patch ++++++ --- atd.c +++ atd.c @@ -140,9 +140,10 @@ static double load_avg = LOADAVG_MX; static time_t now; static time_t last_chg; -static int nothing_to_do; +static int nothing_to_do = 0; unsigned int batch_interval; static int run_as_daemon = 0; +static int hupped = 0; static volatile sig_atomic_t term_signal = 0; @@ -155,9 +156,10 @@ } RETSIGTYPE -sdummy(int dummy) +set_hup(int dummy) { - /* Empty signal handler */ + hupped = 1; + nothing_to_do = 0; return; } @@ -765,6 +767,7 @@ return next_job; last_chg = buf.st_mtime; + hupped = 0; if ((spool = opendir(".")) == NULL) perr("Cannot read " ATJOB_DIR); @@ -989,7 +992,7 @@ */ sigaction(SIGHUP, NULL, &act); - act.sa_handler = sdummy; + act.sa_handler = set_hup; sigaction(SIGHUP, &act, NULL); sigaction(SIGTERM, NULL, &act); @@ -1005,9 +1008,10 @@ do { now = time(NULL); next_invocation = run_loop(); - if (next_invocation > now) { + if ((next_invocation > now) && (!hupped)) { sleep(next_invocation - now); } + hupped = 0; } while (!term_signal); daemon_cleanup(); exit(EXIT_SUCCESS); ++++++ at-3.1.8-pam.patch ++++++ --- Makefile.in +++ Makefile.in @@ -28,6 +28,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ SELINUXLIB = @SELINUXLIB@ +PAMLIB = @PAMLIB@ CC = @CC@ CFLAGS = @CFLAGS@ @@ -73,7 +74,7 @@ $(LN_S) -f at atrm atd: $(RUNOBJECTS) - $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) + $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y --- atd.c +++ atd.c @@ -93,6 +93,20 @@ #include <selinux/av_permissions.h> #endif +#ifdef WITH_PAM +#include <security/pam_appl.h> +static pam_handle_t *pamh = NULL; +static const struct pam_conv conv = { + NULL +}; +#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ + fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ + syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ + pam_close_session(pamh, PAM_SILENT); \ + pam_end(pamh, retcode); exit(1); \ + } +#endif + /* Local headers */ #include "privs.h" @@ -102,6 +116,10 @@ #include "getloadavg.h" #endif +#ifndef LOG_ATD +#define LOG_ATD LOG_DAEMON +#endif + /* Macros */ #define BATCH_INTERVAL_DEFAULT 60 @@ -195,6 +213,19 @@ #define fork myfork #endif +#undef ATD_MAIL_PROGRAM +#undef ATD_MAIL_NAME +#if defined(SENDMAIL) +#define ATD_MAIL_PROGRAM SENDMAIL +#define ATD_MAIL_NAME "sendmail" +#elif defined(MAILC) +#define ATD_MAIL_PROGRAM MAILC +#define ATD_MAIL_NAME "mail" +#elif defined(MAILX) +#define ATD_MAIL_PROGRAM MAILX +#define ATD_MAIL_NAME "mailx" +#endif + static void run_file(const char *filename, uid_t uid, gid_t gid) { @@ -217,6 +248,9 @@ int ngid; char queue; unsigned long jobno; +#ifdef WITH_PAM + int retcode; +#endif sscanf(filename, "%c%5lx", &queue, &jobno); @@ -361,6 +395,23 @@ fstat(fd_out, &buf); size = buf.st_size; +#ifdef WITH_PAM + PRIV_START + retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); + PAM_FAIL_CHECK; + retcode = pam_set_item(pamh, PAM_TTY, "atd"); + PAM_FAIL_CHECK; + retcode = pam_acct_mgmt(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_open_session(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); + PAM_FAIL_CHECK; + closelog(); + openlog("atd", LOG_PID, LOG_ATD); + PRIV_END +#endif + close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); @@ -372,6 +423,16 @@ else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; +#ifdef WITH_PAM + char **pam_envp=0L; +#endif + + PRIV_START +#ifdef WITH_PAM + pam_envp = pam_getenvlist(pamh); + if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) + nenvp = pam_envp; +#endif /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. @@ -394,8 +455,6 @@ if (chdir(ATJOB_DIR) < 0) perr("Cannot chdir to " ATJOB_DIR); - PRIV_START - nice((tolower((int) queue) - 'a' + 1) * 2); if (initgroups(pentry->pw_name, pentry->pw_gid)) @@ -485,6 +544,24 @@ if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) perr("Exec failed for /bin/sh"); +#ifdef WITH_SELINUX + if (selinux_enabled>0) { + if (setexeccon(NULL) < 0) { + perr("Could not resset exec context for user %s\n", pentry->pw_name); + } + } +#endif + +#ifdef WITH_PAM + if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) + { + for( nenvp = pam_envp; *nenvp != 0L; nenvp++) + free(*nenvp); + free( pam_envp ); + nenvp = &nul; + pam_envp=0L; + } +#endif PRIV_END } /* We're the parent. Let's wait. @@ -498,13 +575,6 @@ */ waitpid(pid, (int *) NULL, 0); -#ifdef WITH_SELINUX - if (selinux_enabled>0) { - if (setexeccon(NULL) < 0) { - perr("Could not reset exec context for user %s\n", pentry->pw_name); - } - } -#endif /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ @@ -514,6 +584,14 @@ unlink(filename); +#ifdef WITH_PAM + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); + pam_close_session(pamh, PAM_SILENT); + pam_end(pamh, PAM_ABORT); + closelog(); + openlog("atd", LOG_PID, LOG_ATD); +#endif + /* The job is now finished. We can delete its input file. */ chdir(ATJOB_DIR); @@ -522,7 +600,31 @@ if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { + int mail_pid = -1; + +#ifdef WITH_PAM PRIV_START + retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); + PAM_FAIL_CHECK; + retcode = pam_set_item(pamh, PAM_TTY, "atd"); + PAM_FAIL_CHECK; + retcode = pam_acct_mgmt(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_open_session(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); + PAM_FAIL_CHECK; + /* PAM has now re-opened our log to auth.info ! */ + closelog(); + openlog("atd", LOG_PID, LOG_ATD); + PRIV_END +#endif + + mail_pid = fork(); + + if ( mail_pid == 0 ) + { + PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) perr("Cannot delete saved userids"); @@ -535,6 +637,47 @@ chdir ("/"); +#ifdef WITH_SELINUX + if (selinux_enabled>0) { + security_context_t user_context=NULL; + security_context_t file_context=NULL; + int retval=0; + struct av_decision avd; + + if (get_default_context(pentry->pw_name, NULL, &user_context)) + perr("execle: couldn't get security context for user %s\n", pentry->pw_name); + /* + * Since crontab files are not directly executed, + * crond must ensure that the crontab file has + * a context that is appropriate for the context of + * the user cron job. It performs an entrypoint + * permission check for this purpose. + */ + if (fgetfilecon(STDIN_FILENO, &file_context) < 0) + perr("fgetfilecon FAILED %s", filename); + + retval = security_compute_av(user_context, + file_context, + SECCLASS_FILE, + FILE__ENTRYPOINT, + &avd); + freecon(file_context); + if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { + if (security_getenforce()==1) + perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name); + } + + if (setexeccon(user_context) < 0) { + if (security_getenforce()==1) { + perr("Could not set exec context to %s for user %s\n", user_context,pentry->pw_name); + } else { + syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name); + } + } + freecon(user_context); + } +#endif + #if defined(SENDMAIL) execl(SENDMAIL, "sendmail", mailname, (char *) NULL); #elif defined(MAILC) @@ -546,7 +689,33 @@ #endif perr("Exec failed for mail command"); - PRIV_END + exit (-1); + +#ifdef WITH_SELINUX + if (selinux_enabled>0) { + if (setexeccon(NULL) < 0) { + perr("Could not resset exec context for user %s\n", pentry->pw_name); + } + } +#endif + + PRIV_END; + } else if ( mail_pid == -1 ) + { + perr("fork of mailer failed"); + } + else + { + /* Parent */ + waitpid(mail_pid, (int *) NULL, 0); + } +#ifdef WITH_PAM + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); + pam_close_session(pamh, PAM_SILENT); + pam_end(pamh, PAM_ABORT); + closelog(); + openlog("atd", LOG_PID, LOG_ATD); +#endif } exit(EXIT_SUCCESS); } @@ -741,7 +910,7 @@ #ifdef WITH_SELINUX selinux_enabled=is_selinux_enabled(); -#endif +#endif /* We don't need root privileges all the time; running under uid and gid * daemon is fine. */ @@ -758,12 +927,7 @@ RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) -#ifndef LOG_CRON -#define LOG_CRON LOG_DAEMON -#endif - - openlog("atd", LOG_PID, LOG_CRON); - + openlog("atd", LOG_PID, LOG_ATD); opterr = 0; errno = 0; run_as_daemon = 1; --- config.h.in +++ config.h.in @@ -187,3 +187,7 @@ /* Define if you are building with_selinux */ #undef WITH_SELINUX + +/* Define if you are building with_pam */ +#undef WITH_PAM + --- configure.in +++ configure.in @@ -323,4 +323,11 @@ AC_SUBST(SELINUXLIB) AC_SUBST(WITH_SELINUX) +AC_ARG_WITH(pam, +[ --with-pam Define to enable pam support ], +AC_DEFINE(WITH_PAM), +) +AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') +AC_SUBST(PAMLIB) + AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch) --- perm.c +++ perm.c @@ -109,14 +109,15 @@ int check_permission() { - uid_t uid = geteuid(); + uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); struct passwd *pentry; int allow = 0, deny = 1; + int retcode=0; - if (uid == 0) + if (euid == 0) return 1; - if ((pentry = getpwuid(uid)) == NULL) { + if ((pentry = getpwuid(euid)) == NULL) { perror("Cannot access user database"); exit(EXIT_FAILURE); } ++++++ at-3.1.8_massive_batch.patch -> at-3.1.8.patch ++++++ --- at/at-3.1.8_massive_batch.patch 2008-04-08 17:35:15.000000000 +0200 +++ /mounts/work_src_done/STABLE/at/at-3.1.8.patch 2006-01-13 00:16:45.000000000 +0100 @@ -1,58 +1,225 @@ -Index: atd.c -=================================================================== ---- atd.c.orig 2008-04-08 17:29:40.000000000 +0200 -+++ atd.c 2008-04-08 17:30:39.611014070 +0200 -@@ -140,9 +140,10 @@ static char rcsid[] = "$Id: atd.c,v 1.28 - static double load_avg = LOADAVG_MX; - static time_t now; - static time_t last_chg; --static int nothing_to_do; -+static int nothing_to_do = 0; - unsigned int batch_interval; - static int run_as_daemon = 0; -+static int hupped = 0; - +--- Makefile.in ++++ Makefile.in +@@ -87,37 +87,35 @@ + $(CC) -c $(CFLAGS) $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(bindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(docdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) + $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) ++ $(INSTALL) -m 755 -d $(IROOT)$(ATSPOOL_DIR) + chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) +- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) + touch $(IROOT)$(LFILE) + chmod 600 $(IROOT)$(LFILE) +- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) +- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -m 600 at.deny $(IROOT)$(etcdir)/ +- $(INSTALL) -g root -o root -m 4755 -s at $(IROOT)$(bindir) ++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ ++ $(INSTALL) -m 4755 at $(IROOT)$(bindir) + $(LN_S) -f at $(IROOT)$(bindir)/atq + $(LN_S) -f at $(IROOT)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) +- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(IROOT)$(bindir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) ++ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ + cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ + sed "s,$${exec_prefix},$(exec_prefix),g" <atrun.8>tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ +- cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) ++ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ ++ $(INSTALL) -m 644 at.deny.5 $(IROOT)$(man5dir)/ ++ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) + rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ + $(IROOT)$(mandir)/cat1/atq.1* + rm -f $(IROOT)$(mandir)/cat1/atd.8* +--- Problems ++++ Problems +@@ -5,7 +5,7 @@ + + make -f Makefile.old install + +-- You may not have a user or group 'daemon' on your system. ++- You may not have a user or group 'at' on your system. + + - If you find numerous 'try again' error messages in your syslog files, + you have too many processes running; recompile your kernel for a +--- README ++++ README +@@ -23,7 +23,7 @@ + + The old one is to put + +-* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/lib/atrun ++* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/sbin/atrun + + into root's crontab file (or wherever you put the atrun binary; + don't forget to start up cron.) +--- atd.c ++++ atd.c +@@ -1,4 +1,4 @@ +-/* ++/* + * atd.c - run jobs queued by at; run with root privileges. + * Copyright (C) 1993, 1994, 1996 Thomas Koenig + * +@@ -22,7 +22,7 @@ + #include "config.h" + #endif + +-/* ++/* + * /usr/bin/mail aka /usr/bin/mailx require the subject to be + * specified on the command line instead of reading it from stdin like + * /usr/sbin/sendmail does. For now simply disable MAILC and MAILX, +@@ -121,14 +121,14 @@ static volatile sig_atomic_t term_signal = 0; -@@ -155,9 +156,10 @@ set_term(int dummy) + /* Signal handlers */ +-RETSIGTYPE ++RETSIGTYPE + set_term(int dummy) + { + term_signal = 1; + return; } - RETSIGTYPE --sdummy(int dummy) -+set_hup(int dummy) +-RETSIGTYPE ++RETSIGTYPE + sdummy(int dummy) { -- /* Empty signal handler */ -+ hupped = 1; -+ nothing_to_do = 0; - return; + /* Empty signal handler */ +@@ -156,7 +156,7 @@ + } + return; } +- ++ -@@ -737,6 +739,7 @@ run_loop() - return next_job; - last_chg = buf.st_mtime; - -+ hupped = 0; - if ((spool = opendir(".")) == NULL) - perr("Cannot read " ATJOB_DIR); + /* Local functions */ + +@@ -196,7 +196,7 @@ + */ + pid_t pid; + int fd_out, fd_in; +- char mailbuf[9], jobbuf[9]; ++ char mailbuf[17], jobbuf[9]; + char *mailname = NULL; + char *newname; + FILE *stream; +@@ -290,7 +290,12 @@ + if ((fflags = fcntl(fd_in, F_GETFD)) < 0) + perr("Error in fcntl"); + +- fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); ++ /* ++ ** fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); ++ ** What's that? This fcntl() removes the CLOSE_ON_EXEC flag. ++ */ ++ if(fcntl(fd_in, F_SETFD, fflags | FD_CLOEXEC) < 0) ++ perr("Error in fcntl"); + + /* + * If the spool directory is mounted via NFS `atd' isn't able to +@@ -299,7 +304,7 @@ + * NFS and works with local file systems. It's not clear where + * the bug is located. -Joey + */ +- if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %8s %d", ++ if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %16s %d", + &nuid, &ngid, mailbuf, &send_mail) != 4) + pabort("File %.500s is in wrong format - aborting", + filename); +@@ -328,7 +333,7 @@ + perr("Cannot chdir to " ATSPOOL_DIR); + + /* Create a file to hold the output of the job we are about to run. +- * Write the mail header. Complain in case ++ * Write the mail header. Complain in case + */ -@@ -961,7 +964,7 @@ main(int argc, char *argv[]) + if (unlink(filename) != -1) { +@@ -343,7 +348,7 @@ + write_string(fd_out, "Subject: Output from your job "); + write_string(fd_out, jobbuf); + write_string(fd_out, "\nTo: "); +- write_string(fd_out, mailname); ++ write_string(fd_out, mailname); + write_string(fd_out, "\n\n"); + fstat(fd_out, &buf); + size = buf.st_size; +@@ -394,6 +399,9 @@ + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +@@ -408,7 +416,7 @@ + + /* We inherited the master's SIGCHLD handler, which does a + non-blocking waitpid. So this blocking one will eventually +- return with an ECHILD error. ++ return with an ECHILD error. */ + waitpid(pid, (int *) NULL, 0); - sigaction(SIGHUP, NULL, &act); -- act.sa_handler = sdummy; -+ act.sa_handler = set_hup; - sigaction(SIGHUP, &act, NULL); - - sigaction(SIGTERM, NULL, &act); -@@ -977,9 +980,10 @@ main(int argc, char *argv[]) - do { - now = time(NULL); - next_invocation = run_loop(); -- if (next_invocation > now) { -+ if ((next_invocation > now) && (!hupped)) { - sleep(next_invocation - now); - } -+ hupped = 0; - } while (!term_signal); - daemon_cleanup(); - exit(EXIT_SUCCESS); +@@ -557,7 +565,8 @@ + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. + */ +- strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ strncpy(lock_name, dirent->d_name, sizeof(lock_name)-1); ++ lock_name[sizeof(lock_name)-1] = 0; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -591,7 +600,8 @@ + */ + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { +- strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ strncpy(batch_name, dirent->d_name, sizeof(batch_name)-1); ++ batch_name[sizeof(batch_name)-1] = 0; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; +--- configure.in ++++ configure.in +@@ -126,7 +126,7 @@ + fi + + AC_MSG_CHECKING(location of spool directory) +-if test -d /var/spool/atjobs ; then ++if test -d /var/spool ; then + sp=/var/spool + AC_DEFINE(SPOOLDIR, "/var/spool") + AC_MSG_RESULT(Using existing /var/spool/at{jobs|run}) ++++++ at-3.1.8-pie.patch ++++++ --- /var/tmp/diff_new_pack.I13681/_old 2009-01-08 14:50:05.000000000 +0100 +++ /var/tmp/diff_new_pack.I13681/_new 2009-01-08 14:50:05.000000000 +0100 @@ -1,6 +1,6 @@ ---- at-3.1.8/Makefile.in.pie 2004-05-12 11:11:07.690785433 +0200 -+++ at-3.1.8/Makefile.in 2004-05-12 11:23:10.367957697 +0200 -@@ -69,13 +69,13 @@ +--- Makefile.in ++++ Makefile.in +@@ -67,13 +67,13 @@ all: at atd atrun at: $(ATOBJECTS) @@ -16,7 +16,7 @@ y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y -@@ -87,7 +87,7 @@ +@@ -85,7 +85,7 @@ configure .c.o: ++++++ at-3.1.8-selinux.patch ++++++ --- Makefile.in +++ Makefile.in @@ -27,6 +27,7 @@ YACC = @YACC@ LEX = @LEX@ LEXLIB = @LEXLIB@ +SELINUXLIB = @SELINUXLIB@ CC = @CC@ CFLAGS = @CFLAGS@ @@ -72,7 +73,7 @@ $(LN_S) -f at atrm atd: $(RUNOBJECTS) - $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) + $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y --- atd.c +++ atd.c @@ -85,6 +85,14 @@ #include <syslog.h> #endif +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#include <selinux/get_context_list.h> +int selinux_enabled=0; +#include <selinux/flask.h> +#include <selinux/av_permissions.h> +#endif + /* Local headers */ #include "privs.h" @@ -404,6 +412,76 @@ chdir("/"); +#ifdef WITH_SELINUX + if (selinux_enabled>0) { + security_context_t file_context=NULL; + security_context_t *context_list=NULL; + security_context_t current_con=NULL; + int retval=0, list_count=0, i; + struct av_decision avd; + char *seuser=NULL, *level=NULL; + + if (getseuserbyname(pentry->pw_name, &seuser, &level)) + perr("getseuserbyname FAILED for %s\n", pentry->pw_name); + + if(getcon(¤t_con)) { + free(seuser); + free(level); + perr("Can't get current context"); + } + list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list); + freecon(current_con); + free(seuser); + free(level); + if (list_count == -1) { + if (security_getenforce() > 0) + perr("Couldn't get security context for user %s\n", pentry->pw_name); + else + syslog(LOG_WARNING, "Couldn't get security context for user %s, but in permissive mode", pentry->pw_name); + } + + /* + * Since crontab files are not directly executed, + * crond must ensure that the crontab file has + * a context that is appropriate for the context of + * the user cron job. It performs an entrypoint + * permission check for this purpose. + */ + if (list_count != -1) { + if (fgetfilecon(STDIN_FILENO, &file_context) < 0) { + if (security_getenforce() > 0) + perr("fgetfilecon FAILED for user %s", pentry->pw_name); + } + + for(i = 0; i < list_count; i++) { + retval = security_compute_av(context_list[i], + file_context, + SECCLASS_FILE, + FILE__ENTRYPOINT, + &avd); + if (!retval && ((FILE__ENTRYPOINT & avd.allowed) == FILE__ENTRYPOINT)) + break; + } + } + freecon(file_context); + if (list_count != -1 && (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT))) { + if (security_getenforce()==1) + perr("Not allowed to set exec context for user %s\n", pentry->pw_name); + else + syslog(LOG_WARNING, "Not allowed to set exec context for user %s, but in permissive mode", pentry->pw_name); + } + + if ((list_count != -1 || retval) && setexeccon(context_list[i]) < 0) { + if (security_getenforce()==1) { + perr("Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name); + } else { + syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name); + } + } + freeconary(context_list); + } +#endif + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) perr("Exec failed for /bin/sh"); @@ -420,6 +498,13 @@ */ waitpid(pid, (int *) NULL, 0); +#ifdef WITH_SELINUX + if (selinux_enabled>0) { + if (setexeccon(NULL) < 0) { + perr("Could not reset exec context for user %s\n", pentry->pw_name); + } + } +#endif /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ @@ -654,6 +739,9 @@ struct passwd *pwe; struct group *ge; +#ifdef WITH_SELINUX + selinux_enabled=is_selinux_enabled(); +#endif /* We don't need root privileges all the time; running under uid and gid * daemon is fine. */ --- config.h.in +++ config.h.in @@ -184,3 +184,6 @@ #undef DEFAULT_BATCH_QUEUE #undef HAVE_ATTRIBUTE_NORETURN + +/* Define if you are building with_selinux */ +#undef WITH_SELINUX --- configure.in +++ configure.in @@ -315,4 +315,12 @@ ) AC_SUBST(DAEMON_GROUPNAME) +AC_ARG_WITH(selinux, +[ --with-selinux Define to run with selinux], +AC_DEFINE(WITH_SELINUX), +) +AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) +AC_SUBST(SELINUXLIB) +AC_SUBST(WITH_SELINUX) + AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org