[systemd/f20] don't reset selinux context during CHANGE events

Lukáš Nykrýn lnykryn at fedoraproject.org
Wed Oct 1 12:41:00 UTC 2014


commit 573f68455c1e70155ab1b6c9e1ca38aab09ed31d
Author: Lukas Nykryn <lnykryn at redhat.com>
Date:   Wed Oct 1 14:05:41 2014 +0200

    don't reset selinux context during CHANGE events
    
    - add temporary workaround for #1147910
    
    Conflicts:
    	systemd.spec

 ...-default-selinux-label-only-at-add-events.patch |   28 ++++++++++++++++++++
 systemd.spec                                       |    9 +++++-
 2 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/0001-udev-set-default-selinux-label-only-at-add-events.patch b/0001-udev-set-default-selinux-label-only-at-add-events.patch
new file mode 100644
index 0000000..a286eb1
--- /dev/null
+++ b/0001-udev-set-default-selinux-label-only-at-add-events.patch
@@ -0,0 +1,28 @@
+From 11590caa38178ff067cd6cab9f30b91c68c24bd4 Mon Sep 17 00:00:00 2001
+From: Federico Simoncelli <fsimonce at redhat.com>
+Date: Tue, 30 Sep 2014 13:34:19 +0000
+Subject: [PATCH] udev: set default selinux label only at "add" events
+
+Signed-off-by: Federico Simoncelli <fsimonce at redhat.com>
+---
+ src/udev/udev-node.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index ca3d781..42b2add 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -285,7 +285,10 @@ static int node_permissions_apply(struct udev_device *dev, bool apply, mode_t mo
+                 } else {
+                         log_debug("preserve permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
+                 }
+-                label_fix(devnode, true, false);
++
++                if (streq(udev_device_get_action(dev), "add")) {
++                        label_fix(devnode, true, false);
++                }
+         }
+ 
+         /* always update timestamp when we re-use the node, like on media change events */
+-- 
+1.9.3
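Review bot: A device node whose SELinux context is wrong or was altered after creation will now keep that context until the next "add" event, because the new guard `if (streq(udev_device_get_action(dev), "add"))` skips `label_fix(devnode, true, false)` for every other action, and nothing at the call site records that tradeoff. I would put a comment above the guard, e.g. `/* relabel only on "add" so CHANGE events do not reset the context (rhbz#1147910); the default label is not re-asserted afterwards */`, so the consequence is visible to whoever later drops this temporary workaround. Separately, `udev_device_get_action()` can return NULL for a device that carries no action, and if `streq` is the plain `strcmp` wrapper in this tree that would dereference NULL; `streq_ptr(udev_device_get_action(dev), "add")` is the NULL-safe form. node_permissions_apply() starts and ends outside the hunk, so whether every caller guarantees an action is set cannot be confirmed from here.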
diff --git a/systemd.spec b/systemd.spec
index 0ef2adb..d10c7b8 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        208
-Release:        22%{?gitcommit:.git%{gitcommit}}%{?dist}
+Release:        23%{?gitcommit:.git%{gitcommit}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        A System and Service Manager
@@ -566,6 +566,9 @@ Patch522:       0522-nspawn-allow-EEXIST-on-mkdir_safe_label.patch
 # kernel-install patch for grubby, drop if grubby is obsolete
 Patch1000:      kernel-install-grubby.patch
 
+# temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1147910
+Patch1001:      0001-udev-set-default-selinux-label-only-at-add-events.patch
+
 %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
 
 BuildRequires:  libcap-devel
@@ -1210,6 +1213,10 @@ getent passwd systemd-journal-gateway >/dev/null 2>&1 || useradd -r -l -u 191 -g
 %{_datadir}/systemd/gatewayd
 
 %changelog
+* Wed Oct 01 2014 Lukáš Nykrýn <lnykryn at redhat.com> - 208-23
+- add temporary workaround for #1147910
+- don't reset selinux context during CHANGE events
+
 * Mon Sep 22 2014 Jan Synacek <jsynacek at redhat.com> - 208-22
 - Fix systemd-nspawn with -u (#1145108)
 

