Backport patch for /root relabeling

upstream: https://github.com/coreos/ignition/pull/613
2018-08-15 10:55:56 -04:00 · 2018-08-15 10:55:56 -04:00 · 5597ff7efc
commit 5597ff7efc
parent 6cb4a05cfc
2 changed files with 37 additions and 1 deletions
--- a/0001-stages-files-also-relabel-root-home-dir.patch
+++ b/0001-stages-files-also-relabel-root-home-dir.patch
@ -0,0 +1,28 @@
+From bff783ab7995370b254b9b461060f573ed031a80 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 14 Aug 2018 15:38:25 -0400
+Subject: [PATCH] stages/files: also relabel /root home dir
+
+For the same reasons that `/home` is in that list. The difference is
+that the "root" user will always exist, but we might be touching and
+creating files there. For example, we might be adding an
+`.ssh/authorized_keys`, which will need to be relabeled.
+---
+ internal/exec/stages/files/passwd.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go
+index df16559..2eecd40 100644
+--- a/internal/exec/stages/files/passwd.go
+++ b/internal/exec/stages/files/passwd.go
+@@ -40,6 +40,7 @@ func (s *stage) createPasswd(config types.Config) error {
+ 			"/etc/gshadow*",
+ 			"/etc/.pwd.lock",
+ 			"/home",
+			"/root",
+ 		)
+ 	}
+ 
+-- 
+2.17.1
+
--- a/ignition.spec
+++ b/ignition.spec
@ -79,12 +79,14 @@

 Name:           ignition
 Version:        0.27.0
-Release:        1.git%{shortcommit}%{?dist}
+Release:        2.git%{shortcommit}%{?dist}
 Summary:        First boot installer and configuration tool
 License:        ASL 2.0
 URL:            https://%{provider_prefix}
 Source0:        https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz

+Patch0: 0001-stages-files-also-relabel-root-home-dir.patch
+
 # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
 ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
 # If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
@ -327,6 +329,8 @@ initramfs on boot.
 # setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html
 # unpack source0 and apply patches
 %setup -T -b 0 -q -n %{repo}-%{commit}
+%patch0 -p1
+
 # unpack source1 (dracut modules)
 %setup -T -D -a 1 -q -n %{repo}-%{commit}

@ -470,6 +474,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %endif

 %changelog
+* Wed Aug 15 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.27.0-2.gitcc7ebe0
+- Backport patch for /root relabeling
+  https://github.com/coreos/ignition/pull/613
+
 * Fri Aug 10 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.27.0-1.gitcc7ebe0
 - New release 0.27.0