From: Daniel J Walsh <dwalsh@redhat.com>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: Several fixes to restorecond
Date: Tue, 17 Feb 2009 11:40:54 -0500	[thread overview]
Message-ID: <499AE896.8000709@redhat.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 660 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Init script should be 755

libflashplayer.so has moved within the home directory and is now correct, so it
no longer needs to have its labeling checked.

restorecond supports glob matching and should not complain on multiple
hard links if they match a glob.

So if a file has > 1 link and is an exact match complain, otherwise do not.

Also fix a couple of error messages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkma6JYACgkQrlYvE4MpobOoIACfUgUfpCuhvVTWyHgsq7/8hY0z
9WcAmgPK2KktAlY84HhtRmdu/Hy+9eE/
=zcCj
-----END PGP SIGNATURE-----

[-- Attachment #2: restorecond.patch --]
[-- Type: text/plain, Size: 5079 bytes --]

--- nsapolicycoreutils/restorecond/Makefile	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/Makefile	2009-01-30 11:22:46.000000000 -0500
@@ -20,7 +20,7 @@
 	install -m 755 restorecond $(SBINDIR)
 	install -m 644 restorecond.8 $(MANDIR)/man8
 	-mkdir -p $(INITDIR)
-	install -m 644 restorecond.init $(INITDIR)/restorecond
+	install -m 755 restorecond.init $(INITDIR)/restorecond
 	-mkdir -p $(SELINUXDIR)
 	install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
 
--- nsapolicycoreutils/restorecond/restorecond.conf	2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/restorecond.conf	2009-01-30 11:10:14.000000000 -0500
@@ -5,4 +5,3 @@
 /var/run/utmp
 /var/log/wtmp
 ~/*
-~/.mozilla/plugins/libflashplayer.so
--- nsapolicycoreutils/restorecond/restorecond.c	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/restorecond.c	2009-01-30 11:21:09.000000000 -0500
@@ -1,7 +1,7 @@
 /*
  * restorecond
  *
- * Copyright (C) 2006 Red Hat 
+ * Copyright (C) 2006-2009 Red Hat 
  * see file 'COPYING' for use and warranty information
  *
  * This program is free software; you can redistribute it and/or
@@ -75,7 +75,7 @@
 static int debug_mode = 0;
 static int verbose_mode = 0;
 
-static void restore(const char *filename);
+static void restore(const char *filename, int exact);
 
 struct watchList {
 	struct watchList *next;
@@ -113,12 +113,13 @@
 		printf("%d: File=%s\n", wd, file);
 	while (ptr != NULL) {
 		if (ptr->wd == wd) {
-			if (strings_list_find(ptr->files, file) == 0) {
+			int exact=0;
+			if (strings_list_find(ptr->files, file, &exact) == 0) {
 				char *path = NULL;
 				if (asprintf(&path, "%s/%s", ptr->dir, file) <
 				    0)
 					exitApp("Error allocating memory.");
-				restore(path);
+				restore(path, exact);
 				free(path);
 				return 0;
 			}
@@ -155,7 +156,7 @@
    Set the file context to the default file context for this system.
    Same as restorecon.
 */
-static void restore(const char *filename)
+static void restore(const char *filename, int exact)
 {
 	int retcontext = 0;
 	security_context_t scontext = NULL;
@@ -181,9 +182,11 @@
 	}
 
 	if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
-		syslog(LOG_ERR,
-		       "Will not restore a file with more than one hard link (%s) %s\n",
-		       filename, strerror(errno));
+		if (exact) { 
+			syslog(LOG_ERR,
+			       "Will not restore a file with more than one hard link (%s) %s\n",
+			       filename, strerror(errno));
+		}
 		close(fd);
 		return;
 	}
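Review bot: With the change at `if (exact) {`, a multiply-linked file that only matched a glob entry is now refused silently, so an unexpected hard link appearing in a watched directory leaves no trace in the log; the refusal is the safety property here, so a lower-priority record such as `} else if (debug_mode) {` followed by the same message at LOG_DEBUG is preferable to dropping it entirely. Separately, the st_nlink test fails no call, so `strerror(errno)` in this message reports whatever an earlier, unrelated call left behind; printing the link count instead, `"Will not restore a file with more than one hard link (%s): %lu links\n", filename, (unsigned long)st.st_nlink`, would make the message accurate. The line `if (exact) { ` also carries trailing whitespace. restore() starts and ends outside this hunk.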
@@ -283,6 +286,8 @@
 	inotify_rm_watch(fd, master_wd);
 	master_wd =
 	    inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+	if (master_wd == -1)
+		exitApp("Error watching config file.");
 }
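Review bot: The new check at `if (master_wd == -1)` exits with a message that does not say why inotify_add_watch failed, and whether exitApp reports errno cannot be seen from here; if it does not, the distinction between a missing config file and an exhausted watch limit is lost, which is exactly what one needs when diagnosing why the daemon stopped. Logging the reason before exiting, `syslog(LOG_ERR, "Unable to watch %s: %s\n", watch_file_path, strerror(errno));`, keeps it. The same applies to the `utmp_wd == -1` check added in utmpwatcher.c. The enclosing function starts outside this hunk.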
 
 /* 
@@ -396,7 +401,7 @@
 	char *file = basename(path);
 	ptr = firstDir;
 
-	restore(path);
+	restore(path, 1);
 
 	while (ptr != NULL) {
 		if (strcmp(dir, ptr->dir) == 0) {
@@ -411,7 +416,14 @@
 
 	if (!ptr)
 		exitApp("Out of Memory");
+
 	ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+	if (ptr->wd == -1) {
+		free(ptr);
+		syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+		       path, strerror(errno));
+		return;
+	}
 
 	ptr->dir = strdup(dir);
 	if (!ptr->dir)
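Review bot: The new failure path calls syslog after `free(ptr)`, and free() is not guaranteed to preserve errno on older C libraries, so `strerror(errno)` may describe the wrong error; log first, then free. The message also names `path` although the watch that failed is on `dir` (the argument to inotify_add_watch two lines up), so `dir` is the value worth printing: `syslog(LOG_ERR, "Unable to watch (%s) %s\n", dir, strerror(errno)); free(ptr); return;`. The enclosing function starts and ends outside this hunk.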
--- nsapolicycoreutils/restorecond/stringslist.c	2008-09-12 11:48:15.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.c	2009-01-30 11:20:48.000000000 -0500
@@ -55,9 +55,10 @@
 		*list = newptr;
 }
 
-int strings_list_find(struct stringsList *ptr, const char *string)
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
 {
 	while (ptr) {
+		*exact = strcmp(ptr->string, string) == 0;
 		int cmp = fnmatch(ptr->string, string, 0);
 		if (cmp == 0) 
 			return 0;	/* Match found */
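Review bot: The result in `*exact` depends on list order: `*exact` is written for the entry currently visited and the function returns at the first fnmatch hit, so a file that is listed literally but is also covered by an earlier glob entry (`*` before `foo`) is reported as a glob match and, with the change in restore(), its hard-link refusal is logged nowhere. Since the purpose of `exact` is to tell a deliberately listed file from an incidental glob hit, a literal entry should win regardless of position: remember a glob match but keep scanning for a literal one, and after the loop return 0 when a glob matched, otherwise the existing no-match value (the loop tail and that return are outside this hunk).
```c
int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
{
	int globbed = 0;
	*exact = 0;
	while (ptr) {
		if (strcmp(ptr->string, string) == 0) {
			*exact = 1;	/* literal entry wins, whatever the list order */
			return 0;
		}
		if (fnmatch(ptr->string, string, 0) == 0)
			globbed = 1;	/* remember, but keep looking for a literal entry */
		/* … unchanged: advance to the next entry … */
```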
--- nsapolicycoreutils/restorecond/stringslist.h	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/stringslist.h	2009-01-30 11:27:00.000000000 -0500
@@ -31,7 +31,7 @@
 void strings_list_free(struct stringsList *list);
 void strings_list_add(struct stringsList **list, const char *string);
 void strings_list_print(struct stringsList *list);
-int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
 int strings_list_diff(struct stringsList *from, struct stringsList *to);
 
 #endif
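Review bot: The new out-parameter of strings_list_find is undocumented in the header, and its contract is not obvious from the name: it is written for every list entry visited, so its value is only meaningful when the function returns 0, and it must not be NULL since it is dereferenced unconditionally. A comment above the prototype would capture this: `/* Returns 0 if string matches an entry (literal or fnmatch glob); *exact is set to 1 when the matching entry is a literal match and is only meaningful when 0 is returned. exact must not be NULL. */`.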
--- nsapolicycoreutils/restorecond/utmpwatcher.c	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.61/restorecond/utmpwatcher.c	2009-01-20 09:49:03.000000000 -0500
@@ -57,7 +57,7 @@
 	utmp_ptr = NULL;
 	FILE *cfg = fopen(utmp_path, "r");
 	if (!cfg)
-		exitApp("Error reading config file.");
+		exitApp("Error reading utmp file.");
 
 	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
 		if (u.ut_type == USER_PROCESS)
@@ -69,6 +69,9 @@
 
 	utmp_wd =
 	    inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+	if (utmp_wd == -1)
+		exitApp("Error watching utmp file.");
+
 	if (prev_utmp_ptr) {
 		changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
 		strings_list_free(prev_utmp_ptr);

[-- Attachment #3: restorecond.patch.sig --]
[-- Type: application/pgp-signature, Size: 72 bytes --]
