Explicitly relabel hwdb.bin after writing the database
Resolves: #1395211
This commit is contained in:
parent
f4cc4c90ab
commit
6037cb4380
56
0053-hwdb-selinuxify-a-bit-3460.patch
Normal file
56
0053-hwdb-selinuxify-a-bit-3460.patch
Normal file
@ -0,0 +1,56 @@
|
||||
From a28a4f85b63f7d6aa531ee01b01c9dabb01de6e9 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Tue, 7 Jun 2016 20:47:41 +0300
|
||||
Subject: [PATCH] hwdb: selinuxify a bit (#3460)
|
||||
|
||||
-bash-4.3# rm /etc/udev/hwdb.bin
|
||||
-bash-4.3# systemd-hwdb update
|
||||
-bash-4.3# ls -Z /etc/udev/hwdb.bin
|
||||
system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
|
||||
|
||||
Fixes: #3458
|
||||
---
|
||||
src/hwdb/hwdb.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
|
||||
index 1160dac..e12cd93 100644
|
||||
--- a/src/hwdb/hwdb.c
|
||||
+++ b/src/hwdb/hwdb.c
|
||||
@@ -29,7 +29,9 @@
|
||||
#include "fs-util.h"
|
||||
#include "hwdb-internal.h"
|
||||
#include "hwdb-util.h"
|
||||
+#include "label.h"
|
||||
#include "mkdir.h"
|
||||
+#include "selinux-util.h"
|
||||
#include "strbuf.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
@@ -643,12 +645,12 @@ static int hwdb_update(int argc, char *argv[], void *userdata) {
|
||||
if (!hwdb_bin)
|
||||
return -ENOMEM;
|
||||
|
||||
- mkdir_parents(hwdb_bin, 0755);
|
||||
+ mkdir_parents_label(hwdb_bin, 0755);
|
||||
r = trie_store(trie, hwdb_bin);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failure writing database %s: %m", hwdb_bin);
|
||||
|
||||
- return 0;
|
||||
+ return label_fix(hwdb_bin, false, false);
|
||||
}
|
||||
|
||||
static void help(void) {
|
||||
@@ -732,6 +734,8 @@ int main (int argc, char *argv[]) {
|
||||
if (r <= 0)
|
||||
goto finish;
|
||||
|
||||
+ mac_selinux_init();
|
||||
+
|
||||
r = hwdb_main(argc, argv);
|
||||
|
||||
finish:
|
||||
--
|
||||
2.9.3
|
||||
|
@ -0,0 +1,48 @@
|
||||
From 0c780236462b3e1b43de9af2339c21377b51b782 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekletar@users.noreply.github.com>
|
||||
Date: Fri, 8 Jul 2016 17:43:05 +0200
|
||||
Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
|
||||
(#3686)
|
||||
|
||||
This is basically the same change as ea68351.
|
||||
|
||||
(cherry picked from commit 905c37e60ef653557d0354c2afa94546c31efe50)
|
||||
Resolves: #1395211
|
||||
---
|
||||
src/udev/udevadm-hwdb.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/udevadm-hwdb.c b/src/udev/udevadm-hwdb.c
|
||||
index 948ad0f..1bffe8e 100644
|
||||
--- a/src/udev/udevadm-hwdb.c
|
||||
+++ b/src/udev/udevadm-hwdb.c
|
||||
@@ -28,6 +28,8 @@
|
||||
#include "fs-util.h"
|
||||
#include "hwdb-internal.h"
|
||||
#include "hwdb-util.h"
|
||||
+#include "label.h"
|
||||
+#include "mkdir.h"
|
||||
#include "strbuf.h"
|
||||
#include "string-util.h"
|
||||
#include "udev.h"
|
||||
@@ -656,12 +658,16 @@ static int adm_hwdb(struct udev *udev, int argc, char *argv[]) {
|
||||
rc = EXIT_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
- mkdir_parents(hwdb_bin, 0755);
|
||||
+
|
||||
+ mkdir_parents_label(hwdb_bin, 0755);
|
||||
+
|
||||
err = trie_store(trie, hwdb_bin);
|
||||
if (err < 0) {
|
||||
log_error_errno(err, "Failure writing database %s: %m", hwdb_bin);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
+
|
||||
+ label_fix(hwdb_bin, false, false);
|
||||
}
|
||||
|
||||
if (test) {
|
||||
--
|
||||
2.9.3
|
||||
|
@ -12,7 +12,7 @@
|
||||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 229
|
||||
Release: 16%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Release: 17%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: A System and Service Manager
|
||||
@ -85,6 +85,8 @@ Patch0049: 0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
|
||||
Patch0050: 0050-pid1-process-zero-length-notification-messages-again.patch
|
||||
Patch0051: 0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch
|
||||
Patch0052: 0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch
|
||||
Patch0053: 0053-hwdb-selinuxify-a-bit-3460.patch
|
||||
Patch0054: 0054-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch
|
||||
|
||||
Patch0999: 0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
|
||||
@ -971,6 +973,9 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
||||
/usr/lib/firewalld/services/*
|
||||
|
||||
%changelog
|
||||
* Mon Jan 16 2017 Michal Sekletar <msekleta@redhat.com> - 229-17
|
||||
- explicitly relabel hwdb.bin after writing the database (#1395211)
|
||||
|
||||
* Tue Oct 4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-16
|
||||
- Fixes for #1357990, #1371596, #1378974
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user