Revert "don't reset selinux context during CHANGE events"

This reverts commit 9a5afe8dab.

We must not disconnect selinux label application from udev's primary
device node permission handling. They are all applied by udev at
the same time or not applied at all.

External tools which mangle device node permissions must not
install rules to instruct udev to manage the permissions, they
can *own* the device nodes but need to call chmod()/chown()
themselves.
This commit is contained in:
Kay Sievers 2014-10-01 20:07:58 +02:00
parent 9a5afe8dab
commit 5cdc00d6e6
2 changed files with 4 additions and 29 deletions

@ -1,25 +0,0 @@
From 9a1121532e361c23bc632acc81fa0767e937a507 Mon Sep 17 00:00:00 2001
From: Federico Simoncelli <fsimonce@redhat.com>
Date: Tue, 30 Sep 2014 13:01:49 +0000
Subject: [PATCH] udev: set default selinux label only at "add" events
---
src/udev/udev-node.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
index d42af9a..ae117a0 100644
--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
@@ -314,7 +314,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
}
/* set the defaults */
- if (!selinux)
+ if (!selinux && streq(udev_device_get_action(dev), "add"))
label_fix(devnode, true, false);
if (!smack)
smack_label_path(devnode, NULL);
--
1.8.3.1
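Review bot: in the patch being removed, the "add" check on the `if (!selinux ...)` line guards only label_fix(); the Smack default two lines below, smack_label_path(devnode, NULL), keeps no such condition, so the two label defaults in node_permissions_apply() followed different rules per event type. The condition also passes udev_device_get_action(dev) to streq() without a NULL check. Both points support dropping the patch; a tool that needs a non-default label to survive "change" events has to reapply it itself rather than rely on this function skipping the reset.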

@ -16,7 +16,7 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 216 Version: 216
Release: 7%{?gitcommit:.git%{gitcommit}}%{?dist} Release: 8%{?gitcommit:.git%{gitcommit}}%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager Summary: A System and Service Manager
@ -58,9 +58,6 @@ Patch0011: 0011-Revert-timesyncd-remove-retry_timer-logic-which-is-c.patch
# kernel-install patch for grubby, drop if grubby is obsolete # kernel-install patch for grubby, drop if grubby is obsolete
Patch1000: kernel-install-grubby.patch Patch1000: kernel-install-grubby.patch
# temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1147910
Patch1001: 0001-udev-set-default-selinux-label-only-at-add-events.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
BuildRequires: libcap-devel BuildRequires: libcap-devel
@ -817,6 +814,9 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
%{_datadir}/systemd/gatewayd %{_datadir}/systemd/gatewayd
%changelog %changelog
* Wed Oct 01 2014 Kay Sievers <kay@redhat.com> - 216-8
- revert "don't reset selinux context during CHANGE events"
* Wed Oct 01 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 216-7 * Wed Oct 01 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 216-7
- add temporary workaround for #1147910 - add temporary workaround for #1147910
- don't reset selinux context during CHANGE events - don't reset selinux context during CHANGE events
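Review bot: the new 216-8 changelog entry carries no bug number, while the 216-7 entry it undoes names #1147910 and the removed Patch1001 comment linked the Bugzilla report. Add the reference to the 216-8 line, for example `- revert "don't reset selinux context during CHANGE events" (#1147910)`, so the package history shows that the workaround for that bug is no longer shipped.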