Hi Laurent, sorry for the delay. I changed something in my bug subscription mails, and never saw this bug (probably because I'm "only" in Uploaders).
On 13.09.19 16:49, Laurent Bigonville wrote: > Control: tags 924716 + pending > > > Dear maintainer, > > I've prepared an NMU for cron (versioned as 3.0pl1-134.1) and > uploaded it to DELAYED/10. Please feel free to tell me if I > should delay it longer. No need to NMU -- I'll upload a fix today. Thank you both for your work on the patches! Regards, Christian > > Regards. > > diff -u cron-3.0pl1/debian/changelog cron-3.0pl1/debian/changelog > --- cron-3.0pl1/debian/changelog > +++ cron-3.0pl1/debian/changelog > @@ -1,3 +1,10 @@ > +cron (3.0pl1-134.1) unstable; urgency=medium > + > + * Non-maintainer upload. > + * Stop using obsolete SELinux API (Closes: #924716) > + > + -- Laurent Bigonville <[email protected]> Fri, 13 Sep 2019 16:27:42 +0200 > + > cron (3.0pl1-134) unstable; urgency=medium > > * Increase maximum crontab length to 10,000 lines. > diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c > --- cron-3.0pl1/user.c > +++ cron-3.0pl1/user.c > @@ -31,8 +31,6 @@ > #ifdef WITH_SELINUX > #include <selinux/context.h> > #include <selinux/selinux.h> > -#include <selinux/flask.h> > -#include <selinux/av_permissions.h> > #include <selinux/get_context_list.h> > > static int get_security_context(char *name, int crontab_fd, > security_context_t > @@ -108,13 +106,35 @@ > * permission check for this purpose. > */ > > + security_class_t tclass = string_to_security_class("file"); > + if (!tclass) { > + log_it(name, getpid(), "Failed to translate security class > file", tabname); > + freeconary(context_list); > + if (security_deny_unknown() == 0) { > + return 0; > + } else { > + return -1; > + } > + } > + > + access_vector_t bit = string_to_av_perm(tclass, "entrypoint"); > + if (!bit) { > + log_it(name, getpid(), "Failed to translate av perm > entrypoint", tabname); > + freeconary(context_list); > + if (security_deny_unknown() == 0) { > + return 0; > + } else { > + return -1; > + } > + } > + > for (i = 0; i < list_count; i++) { > retval = security_compute_av(context_list[i], > file_context, > - SECCLASS_FILE, > - FILE__ENTRYPOINT, > + tclass, > + bit, > &avd); > - if (!retval && ((FILE__ENTRYPOINT & avd.allowed) == > FILE__ENTRYPOINT)) { > + if(!retval && ((bit & avd.allowed) == bit)) { > *rcontext = strdup(context_list[i]); > freecon(file_context); > freeconary(context_list); >

