don't reset selinux context during CHANGE events

- add temporary workaround for #1147910
2014-10-01 14:05:41 +02:00 · 2014-10-01 14:05:41 +02:00 · 9a5afe8dab
commit 9a5afe8dab
parent 0019b3e60d
2 changed files with 33 additions and 1 deletions
--- a/0001-udev-set-default-selinux-label-only-at-add-events.patch
+++ b/0001-udev-set-default-selinux-label-only-at-add-events.patch
@ -0,0 +1,25 @@
+From 9a1121532e361c23bc632acc81fa0767e937a507 Mon Sep 17 00:00:00 2001
+From: Federico Simoncelli <fsimonce@redhat.com>
+Date: Tue, 30 Sep 2014 13:01:49 +0000
+Subject: [PATCH] udev: set default selinux label only at "add" events
+
+---
+ src/udev/udev-node.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index d42af9a..ae117a0 100644
+--- a/src/udev/udev-node.c
+++ b/src/udev/udev-node.c
+@@ -314,7 +314,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
+                 }
+ 
+                 /* set the defaults */
+-                if (!selinux)
+                if (!selinux && streq(udev_device_get_action(dev), "add"))
+                         label_fix(devnode, true, false);
+                 if (!smack)
+                         smack_label_path(devnode, NULL);
+-- 
+1.8.3.1
+
--- a/systemd.spec
+++ b/systemd.spec
@ -16,7 +16,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        216
-Release:        6%{?gitcommit:.git%{gitcommit}}%{?dist}
+Release:        7%{?gitcommit:.git%{gitcommit}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        A System and Service Manager
@ -58,6 +58,9 @@ Patch0011:      0011-Revert-timesyncd-remove-retry_timer-logic-which-is-c.patch
 # kernel-install patch for grubby, drop if grubby is obsolete
 Patch1000:      kernel-install-grubby.patch

+# temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1147910
+Patch1001:      0001-udev-set-default-selinux-label-only-at-add-events.patch
+
 %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}

 BuildRequires:  libcap-devel
@ -814,6 +817,10 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 %{_datadir}/systemd/gatewayd

 %changelog
+* Wed Oct 01 2014 Lukáš Nykrýn <lnykryn@redhat.com> - 216-7
+- add temporary workaround for #1147910
+- don't reset selinux context during CHANGE events
+
 * Wed Sep 10 2014 Michal Schmidt <mschmidt@redhat.com> - 216-6
 - Update timesyncd with patches to avoid hitting NTP pool too often.