!10 bugfix: fix failure to create libcare.sock in SELinux mode

From: @imxcc
Reviewed-by: @mdsc,@Chuan-Zheng
Signed-off-by: @Chuan-Zheng
openeuler-ci-bot 2021-09-08 08:02:17 +00:00 committed by Gitee
commit 3a0815c7ba
2 changed files with 36 additions and 2 deletions


@ -0,0 +1,30 @@
From 7782210333c3296b68f954b46284024701ec79e4 Mon Sep 17 00:00:00 2001
From: imxcc <xingchaochao@huawei.com>
Date: Wed, 8 Sep 2021 11:28:28 +0800
Subject: [PATCH] Allow init_t create lnk file
Bugfix: When the selinux mode is enforcing, libcare.socket cannot
create symlink libcare.sock. This will cause the libcare.service
to fail to start.
Signed-off-by: imxcc <xingchaochao@huawei.com>
---
dist/selinux/libcare.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te
index c240875..936fc34 100644
--- a/dist/selinux/libcare.te
+++ b/dist/selinux/libcare.te
@@ -49,6 +49,8 @@ allow libcare_t libcare_file_t: file exec_file_perms;
allow libcare_t libcare_file_t: dir list_dir_perms;
allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms;
+allow init_t var_run_t:lnk_file create;
+
# to read patient's /proc entries and be able to attach to it
allow libcare_t self: capability { dac_override dac_read_search sys_ptrace };
--
2.27.0
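Review bot: the added rule `allow init_t var_run_t:lnk_file create;` is wider than the bug it fixes, because it lets init_t create a symlink on anything labelled var_run_t, not only libcare.sock. Unlike the neighbouring rules, it involves neither libcare_t nor libcare_file_t. Consider giving the socket symlink a libcare-specific type and granting init_t create on that type, so this module does not loosen base policy for init. At minimum, add a comment above the rule stating that it exists so libcare.socket can create the libcare.sock symlink, in the same way the next rule documents its purpose. Also confirm that init_t and var_run_t are declared in this module's require block, which the hunk does not show.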


@ -3,7 +3,7 @@
Version: 0.1.4 Version: 0.1.4
Name: libcareplus Name: libcareplus
Summary: LibcarePlus tools Summary: LibcarePlus tools
Release: 6 Release: 7
Group: Applications/System Group: Applications/System
License: GPLv2 License: GPLv2
Url: https://gitee.com/openeuler/libcareplus Url: https://gitee.com/openeuler/libcareplus
@ -56,6 +56,7 @@ Patch0044: 0043-kpatch_ptrace-Split-function-kpatch_arch_prctl_remot.patch
Patch0045: 0044-kpatch_ptrace-Split-function-kpatch_syscall_remote.patch Patch0045: 0044-kpatch_ptrace-Split-function-kpatch_syscall_remote.patch
Patch0046: 0045-kpatch_ptrace-Split-function-wait_for_mmap.patch Patch0046: 0045-kpatch_ptrace-Split-function-wait_for_mmap.patch
Patch0047: 0046-kpatch_ptrace-Split-function-kpatch_ptrace_kickstart.patch Patch0047: 0046-kpatch_ptrace-Split-function-kpatch_ptrace_kickstart.patch
Patch0048: 0047-Allow-init_t-create-lnk-file.patch
BuildRequires: elfutils-libelf-devel libunwind-devel gcc systemd BuildRequires: elfutils-libelf-devel libunwind-devel gcc systemd
@ -211,7 +212,10 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Sep 02 2021 imxcc <xingchaochao@huawei.com> - 0.1.4.6 * Wed Sep 08 2021 imxcc <xingchaochao@huawei.com> - 0.1.4.7
- selinux: Allow init_t create lnk file
* Thu Sep 02 2021 imxcc <xingchaochao@huawei.com> - 0.1.4.6
- enable selinux - enable selinux
* Sat Aug 21 2021 caodongxia <caodongxia@huawei.com> - 0.1.4-5 * Sat Aug 21 2021 caodongxia <caodongxia@huawei.com> - 0.1.4-5
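Review bot: the new changelog entry gives the version as `0.1.4.7`, but the Aug 21 entry uses the version-release form `0.1.4-5`; with Version 0.1.4 and Release 7 the new entry should read `0.1.4-7`. The Sep 02 entry has the same dotted form (`0.1.4.6`), so both could be aligned in this change to keep the changelog consistent with the Version and Release tags.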