From 5ba3939722030cc9d75b8aa8cd83684546fa70fb Mon Sep 17 00:00:00 2001 From: imxcc Date: Wed, 8 Sep 2021 11:47:53 +0800 Subject: [PATCH] Allow init_t create lnk file Bugfix: When the selinux mode is enforcing, libcare.socket cannot create symlink libcare.sock. This will cause the libcare.service to fail to start. Signed-off-by: imxcc --- 0047-Allow-init_t-create-lnk-file.patch | 30 +++++++++++++++++++++++++ libcareplus.spec | 8 +++++-- 2 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 0047-Allow-init_t-create-lnk-file.patch diff --git a/0047-Allow-init_t-create-lnk-file.patch b/0047-Allow-init_t-create-lnk-file.patch new file mode 100644 index 0000000..b6b40bb --- /dev/null +++ b/0047-Allow-init_t-create-lnk-file.patch @@ -0,0 +1,30 @@ +From 7782210333c3296b68f954b46284024701ec79e4 Mon Sep 17 00:00:00 2001 +From: imxcc +Date: Wed, 8 Sep 2021 11:28:28 +0800 +Subject: [PATCH] Allow init_t create lnk file + +Bugfix: When the selinux mode is enforcing, libcare.socket cannot +create symlink libcare.sock. This will cause the libcare.service +to fail to start. + +Signed-off-by: imxcc +--- + dist/selinux/libcare.te | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te +index c240875..936fc34 100644 +--- a/dist/selinux/libcare.te ++++ b/dist/selinux/libcare.te +@@ -49,6 +49,8 @@ allow libcare_t libcare_file_t: file exec_file_perms; + allow libcare_t libcare_file_t: dir list_dir_perms; + allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms; + ++allow init_t var_run_t:lnk_file create; ++ + # to read patient's /proc entries and be able to attach to it + allow libcare_t self: capability { dac_override dac_read_search sys_ptrace }; + +-- +2.27.0 + diff --git a/libcareplus.spec b/libcareplus.spec index 3f5c850..8e334e1 100644 --- a/libcareplus.spec +++ b/libcareplus.spec 
@@ -3,7 +3,7 @@ Version: 0.1.4 Name: libcareplus Summary: LibcarePlus tools -Release: 6 +Release: 7 Group: Applications/System License: GPLv2 Url: https://gitee.com/openeuler/libcareplus @@ -56,6 +56,7 @@ Patch0044: 0043-kpatch_ptrace-Split-function-kpatch_arch_prctl_remot.patch Patch0045: 0044-kpatch_ptrace-Split-function-kpatch_syscall_remote.patch Patch0046: 0045-kpatch_ptrace-Split-function-wait_for_mmap.patch Patch0047: 0046-kpatch_ptrace-Split-function-kpatch_ptrace_kickstart.patch +Patch0048: 0047-Allow-init_t-create-lnk-file.patch BuildRequires: elfutils-libelf-devel libunwind-devel gcc systemd @@ -211,7 +212,10 @@ exit 0 %endif %changelog -* Thu Sep 02 2021 imxcc - 0.1.4.6 +* Wed Sep 08 2021 imxcc - 0.1.4.7 +- selinux: Allow init_t create lnk file + +* Thu Sep 02 2021 imxcc - 0.1.4.6 - enable selinux * Sat Aug 21 2021 caodongxia - 0.1.4-5
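Review bot: In the dist/selinux/libcare.te hunk, `allow init_t var_run_t:lnk_file create;` is written against the generic var_run_t type, so with this module loaded init_t may create any symlink that ends up labelled var_run_t, not only libcare.sock. Consider giving the libcare socket path its own runtime type (a file context entry plus a type transition from init_t) and allowing create on that type only. The rule also sits between libcare_t rules with no comment, unlike the block right below it. A one-line comment saying it exists so libcare.socket can create the libcare.sock symlink would help. Also check that init_t and var_run_t are listed in the module's require block if they are not already.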
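Review bot: In the %changelog hunk of libcareplus.spec, the new entry gives the version as `0.1.4.7`, while the caodongxia entry just below uses the version-release form `0.1.4-5`. With Version 0.1.4 and Release 7 in the header, `0.1.4-7` would match the spec fields and the older entries. The same applies to the `0.1.4.6` line that this hunk rewrites.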