passt-0^20230818.g0af928e-3.el9

pasta and pasta.avx2 are now hard links, and their file context didn't change from previous versions, but the SELinux plug-in of rpm(8) might mix up their contexts depending on the order of entries in the archive. This doesn't happen on Fedora by luck, but on RHEL: D: create 100755 1 ( 0, 0)184640 /usr/bin/passt.avx2;64e4a813 ufdio: 6 writes, 184640 total bytes in 0.000104 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (/usr/bin/passt.avx2;64e4a813, system_u:object_r:passt_exec_t:s0) D: create 100755 1 ( 0, 0)184640 /usr/bin/pasta.avx2;64e4a813 ufdio: 6 writes, 184640 total bytes in 0.000065 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (/usr/bin/pasta.avx2;64e4a813, system_u:object_r:pasta_exec_t:s0) so far so good. Then: D: create 100755 2 ( 0, 0) 0 /usr/bin/passt;64e4a813 D: create 100755 2 ( 0, 0)164128 /usr/bin/pasta;64e4a813 ufdio: 6 writes, 164128 total bytes in 0.000058 secs D: Plugin: calling hook fsm_file_prepare in selinux plugin D: lsetfilecon: (/usr/bin/pasta;64e4a813, system_u:object_r:pasta_exec_t:s0) which leads to: [sbrivio@passt ~]$ ls -lZ /usr/bin/passt -rwxr-xr-x. 2 root root system_u:object_r:pasta_exec_t:s0 164128 Aug 21 17:53 /usr/bin/passt [sbrivio@passt ~]$ ls -lZ /usr/bin/passt.avx2 -rwxr-xr-x. 1 root root system_u:object_r:passt_exec_t:s0 184640 Aug 21 17:53 /usr/bin/passt.avx2 [sbrivio@passt ~]$ ls -lZ /usr/bin/pasta -rwxr-xr-x. 2 root root system_u:object_r:pasta_exec_t:s0 164128 Aug 21 17:53 /usr/bin/pasta [sbrivio@passt ~]$ ls -lZ /usr/bin/pasta.avx2 -rwxr-xr-x. 1 root root system_u:object_r:pasta_exec_t:s0 184640 Aug 21 17:53 /usr/bin/pasta.avx2 Add (back) an explicit restorecon call in the scriptlet. Resolves: RHELPLAN-155811
2023-08-22 15:44:29 +02:00 · 2023-08-22 15:44:29 +02:00 · 7375212a6a
commit 7375212a6a
parent 520bfe09a9
1 changed files with 15 additions and 1 deletions
--- a/passt.spec
+++ b/passt.spec
@ -12,7 +12,7 @@
 Name:		passt
 Version:	0^20230818.g0af928e
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	User-mode networking daemons for virtual machines and namespaces
 License:	GPLv2+ and BSD
 Group:		System Environment/Daemons
@ -91,6 +91,16 @@ fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 # pasta is a hard link to passt, and, depending on the order of archiving,
 # rpm(8) might or might not associate (lsetfilecon) the same context to both
 # entries, see rpmPackageFilesInstall() in lib/fsm.c. If there's no difference
 # in file contexts compared to a previous installed version,
 # %selinux_relabel_post won't touch the labels, so we need to ensure that the
 # right labels are applied to hard links, here.
 restorecon %{_bindir}/passt %{_bindir}/pasta || :
 %ifarch x86_64
 restorecon %{_bindir}/passt.avx2 %{_bindir}/pasta.avx2 || :
 %endif
 %files
 %license LICENSES/{GPL-2.0-or-later.txt,BSD-3-Clause.txt}
@ -116,6 +126,10 @@ fi
 %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
 %changelog
 * Tue Aug 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-3
 - Explicit restorecon in scriptlet as rpm(8) mix up contexts with hard links
 - Resolves: RHELPLAN-155811
 * Mon Aug 21 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-2
 - Drop user_namespace create allow rule, incompatible with current el9 kernel
 - Resolves: RHELPLAN-155811