[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi
wenzong fan
wenzong.fan at windriver.com
Wed Mar 4 07:25:48 UTC 2015
On 02/12/2015 10:17 AM, Joe MacDonald wrote:
> Hey Wenzong,
>
> [[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi] On 15.02.04 (Wed 17:33) wenzong.fan at windriver.com wrote:
>
>> From: Wenzong Fan <wenzong.fan at windriver.com>
>>
>> * /etc/iscsi/initiatorname.iscsi: etc_runtime_t -> etc_t
>>
>> This config file was created by postinstall or initscript, fix SELinux
>> label for it to remove:
>>
>> avc: denied { read } for pid=6094 comm="iscsid" \
>> name="initiatorname.iscsi" dev="sda3" ino=1057846 \
>> scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \
>> tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
>
> Since this is an issue that only shows up when you have SELinux on your
> system and since it is tweaking a file that is manually installed by a
> do_install() in iscsi-initiator-utils, could you re-work this as a
> bbappend in meta-selinux?
Hi Joe,
This make sense, but there's an issue that meta-networking is not
depended by meta-selinux, adding a bbappend may block the building of
meta-selinux & oe-core only.
Any suggestions about that?
Thanks
Wenzong
>
> -J.
>
>>
>> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
>> ---
>> .../recipes-daemons/iscsi-initiator-utils/files/initd.debian | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
>> index 99a7638..43fb348 100644
>> --- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
>> +++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
>> @@ -39,6 +39,10 @@ start() {
>> InitiatorName=$INITIATORNAME
>> EOF
>> fi
>> +
>> + # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
>> + test ! -x /sbin/restorecon || /sbin/restorecon -F /etc/iscsi/initiatorname.iscsi
>> +
>> start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
>> RETVAL=$?
>> starttargets
>> --
>> 1.9.1
>>
More information about the Openembedded-devel
mailing list