[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi
Joe MacDonald
Joe_MacDonald at mentor.com
Thu Feb 12 02:17:49 UTC 2015
Hey Wenzong,
[[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi] On 15.02.04 (Wed 17:33) wenzong.fan at windriver.com wrote:
> From: Wenzong Fan <wenzong.fan at windriver.com>
>
> * /etc/iscsi/initiatorname.iscsi: etc_runtime_t -> etc_t
>
> This config file was created by postinstall or initscript, fix SELinux
> label for it to remove:
>
> avc: denied { read } for pid=6094 comm="iscsid" \
> name="initiatorname.iscsi" dev="sda3" ino=1057846 \
> scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \
> tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
Since this is an issue that only shows up when you have SELinux on your
system and since it is tweaking a file that is manually installed by a
do_install() in iscsi-initiator-utils, could you re-work this as a
bbappend in meta-selinux?
-J.
>
> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
> ---
> .../recipes-daemons/iscsi-initiator-utils/files/initd.debian | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
> index 99a7638..43fb348 100644
> --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
> +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
> @@ -39,6 +39,10 @@ start() {
> InitiatorName=$INITIATORNAME
> EOF
> fi
> +
> + # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
> + test ! -x /sbin/restorecon || /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi
> +
> start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
> RETVAL=$?
> starttargets
> --
> 1.9.1
>
--
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20150211/4053bbde/attachment-0002.sig>
More information about the Openembedded-devel
mailing list